Master interface index:
Module:
acct
Layer:
admin
acct_domtrans(
domain
)
Transition to the accounting management domain.
Module:
acct
Layer:
admin
acct_exec(
domain
)
Execute accounting management tools in the caller domain.
Module:
acct
Layer:
admin
acct_exec_data(
domain
)
Execute accounting management data in the caller domain.
Module:
acct
Layer:
admin
acct_manage_data(
domain
)
Create, read, write, and delete process accounting data.
Module:
authlogin
Layer:
system
auth_domtrans_chk_passwd(
domain
)
Run unix_chkpwd to check a password.
Module:
authlogin
Layer:
system
auth_domtrans_login_program(
domain
,
target_domain
)
Execute a login_program in the target domain.
Module:
authlogin
Layer:
system
auth_domtrans_pam(
domain
)
Execute pam programs in the pam domain.
Module:
authlogin
Layer:
system
auth_domtrans_utempter(
domain
)
Execute utempter programs in the utempter domain.
Module:
authlogin
Layer:
system
auth_dontaudit_getattr_shadow(
domain
)
Do not audit attempts to get the attributes
of the shadow passwords file.
Module:
authlogin
Layer:
system
auth_dontaudit_read_shadow(
domain
)
Do not audit attempts to read the shadow
password file (/etc/shadow).
Module:
authlogin
Layer:
system
auth_getattr_shadow(
domain
)
Get the attributes of the shadow passwords file.
Module:
authlogin
Layer:
system
auth_login_entry_type(
domain
)
Use the login program as an entry point program.
Module:
authlogin
Layer:
system
auth_manage_all_files_except_shadow(
domain
,
[
exception_types
]
)
Manage all files on the filesystem, except
the shadow passwords and listed exceptions.
Module:
authlogin
Layer:
system
auth_read_shadow(
domain
)
Read the shadow passwords file (/etc/shadow)
Module:
authlogin
Layer:
system
auth_relabel_all_files_except_shadow(
domain
,
[
exception_types
]
)
Relabel all files on the filesystem, except
the shadow passwords and listed exceptions.
Module:
authlogin
Layer:
system
auth_run_pam(
domain
,
role
,
terminal
)
Execute pam programs in the PAM domain.
Module:
authlogin
Layer:
system
auth_run_utempter(
domain
,
role
,
terminal
)
Execute utempter programs in the utempter domain.
Module:
authlogin
Layer:
system
auth_rw_shadow(
domain
)
Read and write the shadow password file (/etc/shadow).
Module:
authlogin
Layer:
system
auth_unconfined(
domain
)
Unconfined access to the authlogin module.
Module:
bind
Layer:
services
bind_domtrans_ndc(
domain
)
Execute ndc in the ndc domain.
Module:
bind
Layer:
services
bind_read_config(
domain
)
Read BIND named configuration files.
Module:
bind
Layer:
services
bind_run_ndc(
domain
,
role
,
terminal
)
Execute ndc in the ndc domain, and
allow the specified role the ndc domain.
Module:
bind
Layer:
services
bind_setattr_pid_dir(
domain
)
Do not audit attempts to set the attributes
of the BIND pid directory.
Module:
bind
Layer:
services
bind_write_config(
domain
)
Write BIND named configuration files.
Module:
bootloader
Layer:
kernel
bootloader_create_kernel(
domain
)
Install a kernel into the /boot directory.
Module:
bootloader
Layer:
kernel
bootloader_create_kernel_symbol_table(
domain
)
Install a system.map into the /boot directory.
Module:
bootloader
Layer:
kernel
bootloader_create_runtime_file(
domain
)
Read and write the bootloader
temporary data in /tmp.
Module:
bootloader
Layer:
kernel
bootloader_delete_kernel(
domain
)
Delete a kernel from /boot.
Module:
bootloader
Layer:
kernel
bootloader_delete_kernel_symbol_table(
domain
)
Delete a system.map in the /boot directory.
Module:
bootloader
Layer:
kernel
bootloader_domtrans(
domain
)
Execute bootloader in the bootloader domain.
Module:
bootloader
Layer:
kernel
bootloader_dontaudit_search_boot(
domain
)
Do not audit attempts to search the /boot directory.
Module:
bootloader
Layer:
kernel
bootloader_getattr_kernel_modules(
domain
)
Get the attributes of kernel module files.
Module:
bootloader
Layer:
kernel
bootloader_list_kernel_modules(
domain
)
List the contents of the kernel module directories.
Module:
bootloader
Layer:
kernel
bootloader_manage_kernel_modules(
domain
)
Create, read, write, and delete
kernel module files.
Module:
bootloader
Layer:
kernel
bootloader_read_config(
domain
)
Read the bootloader configuration file.
Module:
bootloader
Layer:
kernel
bootloader_read_kernel_modules(
domain
)
Read kernel module files.
Module:
bootloader
Layer:
kernel
bootloader_read_kernel_symbol_table(
domain
)
Read system.map in the /boot directory.
Module:
bootloader
Layer:
kernel
bootloader_run(
domain
,
role
,
terminal
)
Execute bootloader interactively and do
a domain transition to the bootloader domain.
Module:
bootloader
Layer:
kernel
bootloader_rw_boot_symlinks(
domain
)
Read and write symbolic links
in the /boot directory.
Module:
bootloader
Layer:
kernel
bootloader_rw_config(
domain
)
Read and write the bootloader
configuration file.
Module:
bootloader
Layer:
kernel
bootloader_rw_tmp_file(
domain
)
Read and write the bootloader
temporary data in /tmp.
Module:
bootloader
Layer:
kernel
bootloader_search_boot(
domain
)
Search the /boot directory.
Module:
bootloader
Layer:
kernel
bootloader_write_kernel_modules(
domain
)
Write kernel module files.
Module:
clock
Layer:
system
clock_domtrans(
domain
)
Execute hwclock in the clock domain.
Module:
clock
Layer:
system
clock_exec(
domain
)
Execute hwclock in the caller domain.
Module:
clock
Layer:
system
clock_run(
domain
,
role
,
terminal
)
Execute hwclock in the clock domain, and
allow the specified role the hwclock domain.
Module:
clock
Layer:
system
clock_rw_adjtime(
domain
)
Allow executing domain to modify clock drift
Module:
consoletype
Layer:
admin
consoletype_domtrans(
domain
)
Execute consoletype in the consoletype domain.
Module:
consoletype
Layer:
admin
consoletype_exec(
domain
)
Execute consoletype in the caller domain.
Module:
corecommands
Layer:
system
corecmd_bin_domtrans(
domain
,
target_domain
)
Execute a file in a bin directory
in the specified domain.
Module:
corecommands
Layer:
system
corecmd_getattr_bin_file(
domain
)
Get the attributes of files in bin directories.
Module:
corecommands
Layer:
system
corecmd_read_bin_file(
domain
)
Read files in bin directories.
Module:
corecommands
Layer:
system
corecmd_read_bin_pipe(
domain
)
Read pipes in bin directories.
Module:
corecommands
Layer:
system
corecmd_read_bin_socket(
domain
)
Read named sockets in bin directories.
Module:
corecommands
Layer:
system
corecmd_read_bin_symlink(
domain
)
Read symbolic links in bin directories.
Module:
corecommands
Layer:
system
corecmd_read_sbin_file(
domain
)
Read files in sbin directories.
Module:
corecommands
Layer:
system
corecmd_read_sbin_pipe(
domain
)
Read named pipes in sbin directories.
Module:
corecommands
Layer:
system
corecmd_read_sbin_socket(
domain
)
Read named sockets in sbin directories.
Module:
corecommands
Layer:
system
corecmd_read_sbin_symlink(
domain
)
Read symbolic links in sbin directories.
Module:
corecommands
Layer:
system
corecmd_shell_domtrans(
domain
,
target_domain
)
Execute a shell in the specified domain.
Module:
corecommands
Layer:
system
corecmd_shell_entry_type(
domain
)
Make the shell an entrypoint for the specified domain.
Module:
corecommands
Layer:
system
corecmd_shell_spec_domtrans(
domain
,
target_domain
)
Execute a shell in the target domain. This
is an explicit transition, requiring the
caller to use setexeccon().
Module:
corenetwork
Layer:
kernel
corenet_dontaudit_tcp_bind_all_reserved_ports(
domain
)
Do not audit attempts to bind TCP sockets to all reserved ports.
Module:
corenetwork
Layer:
kernel
corenet_dontaudit_udp_bind_all_reserved_ports(
domain
)
Do not audit attempts to bind UDP sockets to all reserved ports.
Module:
corenetwork
Layer:
kernel
corenet_raw_receive_all_if(
domain
)
Receive raw IP packets on all interfaces.
Module:
corenetwork
Layer:
kernel
corenet_raw_receive_all_nodes(
domain
)
Receive raw IP packets on all nodes.
Module:
corenetwork
Layer:
kernel
corenet_raw_receive_compat_ipv4_node(
domain
)
Receive raw IP packets on the compat_ipv4 node.
Module:
corenetwork
Layer:
kernel
corenet_raw_receive_eth0(
domain
)
Receive raw IP packets on the eth0 interface.
Module:
corenetwork
Layer:
kernel
corenet_raw_receive_eth1(
domain
)
Receive raw IP packets on the eth1 interface.
Module:
corenetwork
Layer:
kernel
corenet_raw_receive_eth2(
domain
)
Receive raw IP packets on the eth2 interface.
Module:
corenetwork
Layer:
kernel
corenet_raw_receive_generic_if(
domain
)
Receive raw IP packets on generic interfaces.
Module:
corenetwork
Layer:
kernel
corenet_raw_receive_generic_node(
domain
)
Receive raw IP packets on generic nodes.
Module:
corenetwork
Layer:
kernel
corenet_raw_receive_inaddr_any_node(
domain
)
Receive raw IP packets on the inaddr_any node.
Module:
corenetwork
Layer:
kernel
corenet_raw_receive_ippp0(
domain
)
Receive raw IP packets on the ippp0 interface.
Module:
corenetwork
Layer:
kernel
corenet_raw_receive_ipsec0(
domain
)
Receive raw IP packets on the ipsec0 interface.
Module:
corenetwork
Layer:
kernel
corenet_raw_receive_ipsec1(
domain
)
Receive raw IP packets on the ipsec1 interface.
Module:
corenetwork
Layer:
kernel
corenet_raw_receive_ipsec2(
domain
)
Receive raw IP packets on the ipsec2 interface.
Module:
corenetwork
Layer:
kernel
corenet_raw_receive_link_local_node(
domain
)
Receive raw IP packets on the link_local node.
Module:
corenetwork
Layer:
kernel
corenet_raw_receive_lo(
domain
)
Receive raw IP packets on the lo interface.
Module:
corenetwork
Layer:
kernel
corenet_raw_receive_lo_node(
domain
)
Receive raw IP packets on the lo node.
Module:
corenetwork
Layer:
kernel
corenet_raw_receive_mapped_ipv4_node(
domain
)
Receive raw IP packets on the mapped_ipv4 node.
Module:
corenetwork
Layer:
kernel
corenet_raw_receive_multicast_node(
domain
)
Receive raw IP packets on the multicast node.
Module:
corenetwork
Layer:
kernel
corenet_raw_receive_site_local_node(
domain
)
Receive raw IP packets on the site_local node.
Module:
corenetwork
Layer:
kernel
corenet_raw_receive_unspec_node(
domain
)
Receive raw IP packets on the unspec node.
Module:
corenetwork
Layer:
kernel
corenet_raw_send_all_if(
domain
)
Send raw IP packets on all interfaces.
Module:
corenetwork
Layer:
kernel
corenet_raw_send_all_nodes(
domain
)
Send raw IP packets on all nodes.
Module:
corenetwork
Layer:
kernel
corenet_raw_send_compat_ipv4_node(
domain
)
Send raw IP packets on the compat_ipv4 node.
Module:
corenetwork
Layer:
kernel
corenet_raw_send_eth0(
domain
)
Send raw IP packets on the eth0 interface.
Module:
corenetwork
Layer:
kernel
corenet_raw_send_eth1(
domain
)
Send raw IP packets on the eth1 interface.
Module:
corenetwork
Layer:
kernel
corenet_raw_send_eth2(
domain
)
Send raw IP packets on the eth2 interface.
Module:
corenetwork
Layer:
kernel
corenet_raw_send_generic_if(
domain
)
Send raw IP packets on generic interfaces.
Module:
corenetwork
Layer:
kernel
corenet_raw_send_generic_node(
domain
)
Send raw IP packets on generic nodes.
Module:
corenetwork
Layer:
kernel
corenet_raw_send_inaddr_any_node(
domain
)
Send raw IP packets on the inaddr_any node.
Module:
corenetwork
Layer:
kernel
corenet_raw_send_ippp0(
domain
)
Send raw IP packets on the ippp0 interface.
Module:
corenetwork
Layer:
kernel
corenet_raw_send_ipsec0(
domain
)
Send raw IP packets on the ipsec0 interface.
Module:
corenetwork
Layer:
kernel
corenet_raw_send_ipsec1(
domain
)
Send raw IP packets on the ipsec1 interface.
Module:
corenetwork
Layer:
kernel
corenet_raw_send_ipsec2(
domain
)
Send raw IP packets on the ipsec2 interface.
Module:
corenetwork
Layer:
kernel
corenet_raw_send_link_local_node(
domain
)
Send raw IP packets on the link_local node.
Module:
corenetwork
Layer:
kernel
corenet_raw_send_lo(
domain
)
Send raw IP packets on the lo interface.
Module:
corenetwork
Layer:
kernel
corenet_raw_send_lo_node(
domain
)
Send raw IP packets on the lo node.
Module:
corenetwork
Layer:
kernel
corenet_raw_send_mapped_ipv4_node(
domain
)
Send raw IP packets on the mapped_ipv4 node.
Module:
corenetwork
Layer:
kernel
corenet_raw_send_multicast_node(
domain
)
Send raw IP packets on the multicast node.
Module:
corenetwork
Layer:
kernel
corenet_raw_send_site_local_node(
domain
)
Send raw IP packets on the site_local node.
Module:
corenetwork
Layer:
kernel
corenet_raw_send_unspec_node(
domain
)
Send raw IP packets on the unspec node.
Module:
corenetwork
Layer:
kernel
corenet_raw_sendrecv_all_if(
domain
)
Send and receive raw IP packets on all interfaces.
Module:
corenetwork
Layer:
kernel
corenet_raw_sendrecv_all_nodes(
domain
)
Send and receive raw IP packets on all nodes.
Module:
corenetwork
Layer:
kernel
corenet_raw_sendrecv_compat_ipv4_node(
domain
)
Send and receive raw IP packets on the compat_ipv4 node.
Module:
corenetwork
Layer:
kernel
corenet_raw_sendrecv_eth0(
domain
)
Send and receive raw IP packets on the eth0 interface.
Module:
corenetwork
Layer:
kernel
corenet_raw_sendrecv_eth1(
domain
)
Send and receive raw IP packets on the eth1 interface.
Module:
corenetwork
Layer:
kernel
corenet_raw_sendrecv_eth2(
domain
)
Send and receive raw IP packets on the eth2 interface.
Module:
corenetwork
Layer:
kernel
corenet_raw_sendrecv_generic_if(
domain
)
Send and receive raw IP packets on generic interfaces.
Module:
corenetwork
Layer:
kernel
corenet_raw_sendrecv_generic_node(
domain
)
Send and receive raw IP packets on generic nodes.
Module:
corenetwork
Layer:
kernel
corenet_raw_sendrecv_inaddr_any_node(
domain
)
Send and receive raw IP packets on the inaddr_any node.
Module:
corenetwork
Layer:
kernel
corenet_raw_sendrecv_ippp0(
domain
)
Send and receive raw IP packets on the ippp0 interface.
Module:
corenetwork
Layer:
kernel
corenet_raw_sendrecv_ipsec0(
domain
)
Send and receive raw IP packets on the ipsec0 interface.
Module:
corenetwork
Layer:
kernel
corenet_raw_sendrecv_ipsec1(
domain
)
Send and receive raw IP packets on the ipsec1 interface.
Module:
corenetwork
Layer:
kernel
corenet_raw_sendrecv_ipsec2(
domain
)
Send and receive raw IP packets on the ipsec2 interface.
Module:
corenetwork
Layer:
kernel
corenet_raw_sendrecv_link_local_node(
domain
)
Send and receive raw IP packets on the link_local node.
Module:
corenetwork
Layer:
kernel
corenet_raw_sendrecv_lo(
domain
)
Send and receive raw IP packets on the lo interface.
Module:
corenetwork
Layer:
kernel
corenet_raw_sendrecv_lo_node(
domain
)
Send and receive raw IP packets on the lo node.
Module:
corenetwork
Layer:
kernel
corenet_raw_sendrecv_mapped_ipv4_node(
domain
)
Send and receive raw IP packets on the mapped_ipv4 node.
Module:
corenetwork
Layer:
kernel
corenet_raw_sendrecv_multicast_node(
domain
)
Send and receive raw IP packets on the multicast node.
Module:
corenetwork
Layer:
kernel
corenet_raw_sendrecv_site_local_node(
domain
)
Send and receive raw IP packets on the site_local node.
Module:
corenetwork
Layer:
kernel
corenet_raw_sendrecv_unspec_node(
domain
)
Send and receive raw IP packets on the unspec node.
Module:
corenetwork
Layer:
kernel
corenet_tcp_bind_all_nodes(
domain
)
Bind TCP sockets to all nodes.
Module:
corenetwork
Layer:
kernel
corenet_tcp_bind_all_ports(
domain
)
Bind TCP sockets to all ports.
Module:
corenetwork
Layer:
kernel
corenet_tcp_bind_all_reserved_ports(
domain
)
Bind TCP sockets to all reserved ports.
Module:
corenetwork
Layer:
kernel
corenet_tcp_bind_amanda_port(
domain
)
Bind TCP sockets to the amanda port.
Module:
corenetwork
Layer:
kernel
corenet_tcp_bind_compat_ipv4_node(
domain
)
Bind TCP sockets to node compat_ipv4.
Module:
corenetwork
Layer:
kernel
corenet_tcp_bind_dbskkd_port(
domain
)
Bind TCP sockets to the dbskkd port.
Module:
corenetwork
Layer:
kernel
corenet_tcp_bind_dhcpc_port(
domain
)
Bind TCP sockets to the dhcpc port.
Module:
corenetwork
Layer:
kernel
corenet_tcp_bind_dhcpd_port(
domain
)
Bind TCP sockets to the dhcpd port.
Module:
corenetwork
Layer:
kernel
corenet_tcp_bind_dict_port(
domain
)
Bind TCP sockets to the dict port.
Module:
corenetwork
Layer:
kernel
corenet_tcp_bind_dns_port(
domain
)
Bind TCP sockets to the dns port.
Module:
corenetwork
Layer:
kernel
corenet_tcp_bind_fingerd_port(
domain
)
Bind TCP sockets to the fingerd port.
Module:
corenetwork
Layer:
kernel
corenet_tcp_bind_ftp_data_port(
domain
)
Bind TCP sockets to the ftp_data port.
Module:
corenetwork
Layer:
kernel
corenet_tcp_bind_ftp_port(
domain
)
Bind TCP sockets to the ftp port.
Module:
corenetwork
Layer:
kernel
corenet_tcp_bind_generic_node(
domain
)
Bind TCP sockets to generic nodes.
Module:
corenetwork
Layer:
kernel
corenet_tcp_bind_generic_port(
domain
)
Bind TCP sockets to generic ports.
Module:
corenetwork
Layer:
kernel
corenet_tcp_bind_howl_port(
domain
)
Bind TCP sockets to the howl port.
Module:
corenetwork
Layer:
kernel
corenet_tcp_bind_http_cache_port(
domain
)
Bind TCP sockets to the http_cache port.
Module:
corenetwork
Layer:
kernel
corenet_tcp_bind_http_port(
domain
)
Bind TCP sockets to the http port.
Module:
corenetwork
Layer:
kernel
corenet_tcp_bind_inaddr_any_node(
domain
)
Bind TCP sockets to node inaddr_any.
Module:
corenetwork
Layer:
kernel
corenet_tcp_bind_inetd_child_port(
domain
)
Bind TCP sockets to the inetd_child port.
Module:
corenetwork
Layer:
kernel
corenet_tcp_bind_innd_port(
domain
)
Bind TCP sockets to the innd port.
Module:
corenetwork
Layer:
kernel
corenet_tcp_bind_ipp_port(
domain
)
Bind TCP sockets to the ipp port.
Module:
corenetwork
Layer:
kernel
corenet_tcp_bind_kerberos_admin_port(
domain
)
Bind TCP sockets to the kerberos_admin port.
Module:
corenetwork
Layer:
kernel
corenet_tcp_bind_kerberos_master_port(
domain
)
Bind TCP sockets to the kerberos_master port.
Module:
corenetwork
Layer:
kernel
corenet_tcp_bind_kerberos_port(
domain
)
Bind TCP sockets to the kerberos port.
Module:
corenetwork
Layer:
kernel
corenet_tcp_bind_ktalkd_port(
domain
)
Bind TCP sockets to the ktalkd port.
Module:
corenetwork
Layer:
kernel
corenet_tcp_bind_ldap_port(
domain
)
Bind TCP sockets to the ldap port.
Module:
corenetwork
Layer:
kernel
corenet_tcp_bind_link_local_node(
domain
)
Bind TCP sockets to node link_local.
Module:
corenetwork
Layer:
kernel
corenet_tcp_bind_lo_node(
domain
)
Bind TCP sockets to node lo.
Module:
corenetwork
Layer:
kernel
corenet_tcp_bind_mail_port(
domain
)
Bind TCP sockets to the mail port.
Module:
corenetwork
Layer:
kernel
corenet_tcp_bind_mapped_ipv4_node(
domain
)
Bind TCP sockets to node mapped_ipv4.
Module:
corenetwork
Layer:
kernel
corenet_tcp_bind_multicast_node(
domain
)
Bind TCP sockets to node multicast.
Module:
corenetwork
Layer:
kernel
corenet_tcp_bind_mysqld_port(
domain
)
Bind TCP sockets to the mysqld port.
Module:
corenetwork
Layer:
kernel
corenet_tcp_bind_nmbd_port(
domain
)
Bind TCP sockets to the nmbd port.
Module:
corenetwork
Layer:
kernel
corenet_tcp_bind_pop_port(
domain
)
Bind TCP sockets to the pop port.
Module:
corenetwork
Layer:
kernel
corenet_tcp_bind_portmap_port(
domain
)
Bind TCP sockets to the portmap port.
Module:
corenetwork
Layer:
kernel
corenet_tcp_bind_postgresql_port(
domain
)
Bind TCP sockets to the postgresql port.
Module:
corenetwork
Layer:
kernel
corenet_tcp_bind_printer_port(
domain
)
Bind TCP sockets to the printer port.
Module:
corenetwork
Layer:
kernel
corenet_tcp_bind_pxe_port(
domain
)
Bind TCP sockets to the pxe port.
Module:
corenetwork
Layer:
kernel
corenet_tcp_bind_radacct_port(
domain
)
Bind TCP sockets to the radacct port.
Module:
corenetwork
Layer:
kernel
corenet_tcp_bind_radius_port(
domain
)
Bind TCP sockets to the radius port.
Module:
corenetwork
Layer:
kernel
corenet_tcp_bind_reserved_port(
domain
)
Bind TCP sockets to generic reserved ports.
Module:
corenetwork
Layer:
kernel
corenet_tcp_bind_rsh_port(
domain
)
Bind TCP sockets to the rsh port.
Module:
corenetwork
Layer:
kernel
corenet_tcp_bind_rsync_port(
domain
)
Bind TCP sockets to the rsync port.
Module:
corenetwork
Layer:
kernel
corenet_tcp_bind_site_local_node(
domain
)
Bind TCP sockets to node site_local.
Module:
corenetwork
Layer:
kernel
corenet_tcp_bind_smbd_port(
domain
)
Bind TCP sockets to the smbd port.
Module:
corenetwork
Layer:
kernel
corenet_tcp_bind_smtp_port(
domain
)
Bind TCP sockets to the smtp port.
Module:
corenetwork
Layer:
kernel
corenet_tcp_bind_snmp_port(
domain
)
Bind TCP sockets to the snmp port.
Module:
corenetwork
Layer:
kernel
corenet_tcp_bind_ssh_port(
domain
)
Bind TCP sockets to the ssh port.
Module:
corenetwork
Layer:
kernel
corenet_tcp_bind_swat_port(
domain
)
Bind TCP sockets to the swat port.
Module:
corenetwork
Layer:
kernel
corenet_tcp_bind_syslogd_port(
domain
)
Bind TCP sockets to the syslogd port.
Module:
corenetwork
Layer:
kernel
corenet_tcp_bind_telnetd_port(
domain
)
Bind TCP sockets to the telnetd port.
Module:
corenetwork
Layer:
kernel
corenet_tcp_bind_tftp_port(
domain
)
Bind TCP sockets to the tftp port.
Module:
corenetwork
Layer:
kernel
corenet_tcp_bind_unspec_node(
domain
)
Bind TCP sockets to node unspec.
Module:
corenetwork
Layer:
kernel
corenet_tcp_bind_vnc_port(
domain
)
Bind TCP sockets to the vnc port.
Module:
corenetwork
Layer:
kernel
corenet_tcp_bind_xserver_port(
domain
)
Bind TCP sockets to the xserver port.
Module:
corenetwork
Layer:
kernel
corenet_tcp_bind_zebra_port(
domain
)
Bind TCP sockets to the zebra port.
Module:
corenetwork
Layer:
kernel
corenet_tcp_connect_amanda_port(
domain
)
Make a TCP connection to the amanda port.
Module:
corenetwork
Layer:
kernel
corenet_tcp_connect_dbskkd_port(
domain
)
Make a TCP connection to the dbskkd port.
Module:
corenetwork
Layer:
kernel
corenet_tcp_connect_dhcpc_port(
domain
)
Make a TCP connection to the dhcpc port.
Module:
corenetwork
Layer:
kernel
corenet_tcp_connect_dhcpd_port(
domain
)
Make a TCP connection to the dhcpd port.
Module:
corenetwork
Layer:
kernel
corenet_tcp_connect_dict_port(
domain
)
Make a TCP connection to the dict port.
Module:
corenetwork
Layer:
kernel
corenet_tcp_connect_dns_port(
domain
)
Make a TCP connection to the dns port.
Module:
corenetwork
Layer:
kernel
corenet_tcp_connect_fingerd_port(
domain
)
Make a TCP connection to the fingerd port.
Module:
corenetwork
Layer:
kernel
corenet_tcp_connect_ftp_data_port(
domain
)
Make a TCP connection to the ftp_data port.
Module:
corenetwork
Layer:
kernel
corenet_tcp_connect_ftp_port(
domain
)
Make a TCP connection to the ftp port.
Module:
corenetwork
Layer:
kernel
corenet_tcp_connect_howl_port(
domain
)
Make a TCP connection to the howl port.
Module:
corenetwork
Layer:
kernel
corenet_tcp_connect_http_cache_port(
domain
)
Make a TCP connection to the http_cache port.
Module:
corenetwork
Layer:
kernel
corenet_tcp_connect_http_port(
domain
)
Make a TCP connection to the http port.
Module:
corenetwork
Layer:
kernel
corenet_tcp_connect_inetd_child_port(
domain
)
Make a TCP connection to the inetd_child port.
Module:
corenetwork
Layer:
kernel
corenet_tcp_connect_innd_port(
domain
)
Make a TCP connection to the innd port.
Module:
corenetwork
Layer:
kernel
corenet_tcp_connect_ipp_port(
domain
)
Make a TCP connection to the ipp port.
Module:
corenetwork
Layer:
kernel
corenet_tcp_connect_kerberos_admin_port(
domain
)
Make a TCP connection to the kerberos_admin port.
Module:
corenetwork
Layer:
kernel
corenet_tcp_connect_kerberos_master_port(
domain
)
Make a TCP connection to the kerberos_master port.
Module:
corenetwork
Layer:
kernel
corenet_tcp_connect_kerberos_port(
domain
)
Make a TCP connection to the kerberos port.
Module:
corenetwork
Layer:
kernel
corenet_tcp_connect_ktalkd_port(
domain
)
Make a TCP connection to the ktalkd port.
Module:
corenetwork
Layer:
kernel
corenet_tcp_connect_ldap_port(
domain
)
Make a TCP connection to the ldap port.
Module:
corenetwork
Layer:
kernel
corenet_tcp_connect_mail_port(
domain
)
Make a TCP connection to the mail port.
Module:
corenetwork
Layer:
kernel
corenet_tcp_connect_mysqld_port(
domain
)
Make a TCP connection to the mysqld port.
Module:
corenetwork
Layer:
kernel
corenet_tcp_connect_nmbd_port(
domain
)
Make a TCP connection to the nmbd port.
Module:
corenetwork
Layer:
kernel
corenet_tcp_connect_pop_port(
domain
)
Make a TCP connection to the pop port.
Module:
corenetwork
Layer:
kernel
corenet_tcp_connect_portmap_port(
domain
)
Make a TCP connection to the portmap port.
Module:
corenetwork
Layer:
kernel
corenet_tcp_connect_postgresql_port(
domain
)
Make a TCP connection to the postgresql port.
Module:
corenetwork
Layer:
kernel
corenet_tcp_connect_printer_port(
domain
)
Make a TCP connection to the printer port.
Module:
corenetwork
Layer:
kernel
corenet_tcp_connect_pxe_port(
domain
)
Make a TCP connection to the pxe port.
Module:
corenetwork
Layer:
kernel
corenet_tcp_connect_radacct_port(
domain
)
Make a TCP connection to the radacct port.
Module:
corenetwork
Layer:
kernel
corenet_tcp_connect_radius_port(
domain
)
Make a TCP connection to the radius port.
Module:
corenetwork
Layer:
kernel
corenet_tcp_connect_rsh_port(
domain
)
Make a TCP connection to the rsh port.
Module:
corenetwork
Layer:
kernel
corenet_tcp_connect_rsync_port(
domain
)
Make a TCP connection to the rsync port.
Module:
corenetwork
Layer:
kernel
corenet_tcp_connect_smbd_port(
domain
)
Make a TCP connection to the smbd port.
Module:
corenetwork
Layer:
kernel
corenet_tcp_connect_smtp_port(
domain
)
Make a TCP connection to the smtp port.
Module:
corenetwork
Layer:
kernel
corenet_tcp_connect_snmp_port(
domain
)
Make a TCP connection to the snmp port.
Module:
corenetwork
Layer:
kernel
corenet_tcp_connect_ssh_port(
domain
)
Make a TCP connection to the ssh port.
Module:
corenetwork
Layer:
kernel
corenet_tcp_connect_swat_port(
domain
)
Make a TCP connection to the swat port.
Module:
corenetwork
Layer:
kernel
corenet_tcp_connect_syslogd_port(
domain
)
Make a TCP connection to the syslogd port.
Module:
corenetwork
Layer:
kernel
corenet_tcp_connect_telnetd_port(
domain
)
Make a TCP connection to the telnetd port.
Module:
corenetwork
Layer:
kernel
corenet_tcp_connect_tftp_port(
domain
)
Make a TCP connection to the tftp port.
Module:
corenetwork
Layer:
kernel
corenet_tcp_connect_vnc_port(
domain
)
Make a TCP connection to the vnc port.
Module:
corenetwork
Layer:
kernel
corenet_tcp_connect_xserver_port(
domain
)
Make a TCP connection to the xserver port.
Module:
corenetwork
Layer:
kernel
corenet_tcp_connect_zebra_port(
domain
)
Make a TCP connection to the zebra port.
Module:
corenetwork
Layer:
kernel
corenet_tcp_sendrecv_all_if(
domain
)
Send and receive TCP network traffic on all interfaces.
Module:
corenetwork
Layer:
kernel
corenet_tcp_sendrecv_all_nodes(
domain
)
Send and receive TCP network traffic on all nodes.
Module:
corenetwork
Layer:
kernel
corenet_tcp_sendrecv_all_ports(
domain
)
Send and receive TCP network traffic on all ports.
Module:
corenetwork
Layer:
kernel
corenet_tcp_sendrecv_all_reserved_ports(
domain
)
Send and receive TCP network traffic on all reserved ports.
Module:
corenetwork
Layer:
kernel
corenet_tcp_sendrecv_amanda_port(
domain
)
Send and receive TCP traffic on the amanda port.
Module:
corenetwork
Layer:
kernel
corenet_tcp_sendrecv_compat_ipv4_node(
domain
)
Send and receive TCP traffic on the compat_ipv4 node.
Module:
corenetwork
Layer:
kernel
corenet_tcp_sendrecv_dbskkd_port(
domain
)
Send and receive TCP traffic on the dbskkd port.
Module:
corenetwork
Layer:
kernel
corenet_tcp_sendrecv_dhcpc_port(
domain
)
Send and receive TCP traffic on the dhcpc port.
Module:
corenetwork
Layer:
kernel
corenet_tcp_sendrecv_dhcpd_port(
domain
)
Send and receive TCP traffic on the dhcpd port.
Module:
corenetwork
Layer:
kernel
corenet_tcp_sendrecv_dict_port(
domain
)
Send and receive TCP traffic on the dict port.
Module:
corenetwork
Layer:
kernel
corenet_tcp_sendrecv_dns_port(
domain
)
Send and receive TCP traffic on the dns port.
Module:
corenetwork
Layer:
kernel
corenet_tcp_sendrecv_eth0(
domain
)
Send and receive TCP network traffic on the eth0 interface.
Module:
corenetwork
Layer:
kernel
corenet_tcp_sendrecv_eth1(
domain
)
Send and receive TCP network traffic on the eth1 interface.
Module:
corenetwork
Layer:
kernel
corenet_tcp_sendrecv_eth2(
domain
)
Send and receive TCP network traffic on the eth2 interface.
Module:
corenetwork
Layer:
kernel
corenet_tcp_sendrecv_fingerd_port(
domain
)
Send and receive TCP traffic on the fingerd port.
Module:
corenetwork
Layer:
kernel
corenet_tcp_sendrecv_ftp_data_port(
domain
)
Send and receive TCP traffic on the ftp_data port.
Module:
corenetwork
Layer:
kernel
corenet_tcp_sendrecv_ftp_port(
domain
)
Send and receive TCP traffic on the ftp port.
Module:
corenetwork
Layer:
kernel
corenet_tcp_sendrecv_generic_if(
domain
)
Send and receive TCP network traffic on the generic interfaces.
Module:
corenetwork
Layer:
kernel
corenet_tcp_sendrecv_generic_node(
domain
)
Send and receive TCP network traffic on generic nodes.
Module:
corenetwork
Layer:
kernel
corenet_tcp_sendrecv_generic_port(
domain
)
Send and receive TCP network traffic on generic ports.
Module:
corenetwork
Layer:
kernel
corenet_tcp_sendrecv_howl_port(
domain
)
Send and receive TCP traffic on the howl port.
Module:
corenetwork
Layer:
kernel
corenet_tcp_sendrecv_http_cache_port(
domain
)
Send and receive TCP traffic on the http_cache port.
Module:
corenetwork
Layer:
kernel
corenet_tcp_sendrecv_http_port(
domain
)
Send and receive TCP traffic on the http port.
Module:
corenetwork
Layer:
kernel
corenet_tcp_sendrecv_inaddr_any_node(
domain
)
Send and receive TCP traffic on the inaddr_any node.
Module:
corenetwork
Layer:
kernel
corenet_tcp_sendrecv_inetd_child_port(
domain
)
Send and receive TCP traffic on the inetd_child port.
Module:
corenetwork
Layer:
kernel
corenet_tcp_sendrecv_innd_port(
domain
)
Send and receive TCP traffic on the innd port.
Module:
corenetwork
Layer:
kernel
corenet_tcp_sendrecv_ipp_port(
domain
)
Send and receive TCP traffic on the ipp port.
Module:
corenetwork
Layer:
kernel
corenet_tcp_sendrecv_ippp0(
domain
)
Send and receive TCP network traffic on the ippp0 interface.
Module:
corenetwork
Layer:
kernel
corenet_tcp_sendrecv_ipsec0(
domain
)
Send and receive TCP network traffic on the ipsec0 interface.
Module:
corenetwork
Layer:
kernel
corenet_tcp_sendrecv_ipsec1(
domain
)
Send and receive TCP network traffic on the ipsec1 interface.
Module:
corenetwork
Layer:
kernel
corenet_tcp_sendrecv_ipsec2(
domain
)
Send and receive TCP network traffic on the ipsec2 interface.
Module:
corenetwork
Layer:
kernel
corenet_tcp_sendrecv_kerberos_admin_port(
domain
)
Send and receive TCP traffic on the kerberos_admin port.
Module:
corenetwork
Layer:
kernel
corenet_tcp_sendrecv_kerberos_master_port(
domain
)
Send and receive TCP traffic on the kerberos_master port.
Module:
corenetwork
Layer:
kernel
corenet_tcp_sendrecv_kerberos_port(
domain
)
Send and receive TCP traffic on the kerberos port.
Module:
corenetwork
Layer:
kernel
corenet_tcp_sendrecv_ktalkd_port(
domain
)
Send and receive TCP traffic on the ktalkd port.
Module:
corenetwork
Layer:
kernel
corenet_tcp_sendrecv_ldap_port(
domain
)
Send and receive TCP traffic on the ldap port.
Module:
corenetwork
Layer:
kernel
corenet_tcp_sendrecv_link_local_node(
domain
)
Send and receive TCP traffic on the link_local node.
Module:
corenetwork
Layer:
kernel
corenet_tcp_sendrecv_lo(
domain
)
Send and receive TCP network traffic on the lo interface.
Module:
corenetwork
Layer:
kernel
corenet_tcp_sendrecv_lo_node(
domain
)
Send and receive TCP traffic on the lo node.
Module:
corenetwork
Layer:
kernel
corenet_tcp_sendrecv_mail_port(
domain
)
Send and receive TCP traffic on the mail port.
Module:
corenetwork
Layer:
kernel
corenet_tcp_sendrecv_mapped_ipv4_node(
domain
)
Send and receive TCP traffic on the mapped_ipv4 node.
Module:
corenetwork
Layer:
kernel
corenet_tcp_sendrecv_multicast_node(
domain
)
Send and receive TCP traffic on the multicast node.
Module:
corenetwork
Layer:
kernel
corenet_tcp_sendrecv_mysqld_port(
domain
)
Send and receive TCP traffic on the mysqld port.
Module:
corenetwork
Layer:
kernel
corenet_tcp_sendrecv_nmbd_port(
domain
)
Send and receive TCP traffic on the nmbd port.
Module:
corenetwork
Layer:
kernel
corenet_tcp_sendrecv_pop_port(
domain
)
Send and receive TCP traffic on the pop port.
Module:
corenetwork
Layer:
kernel
corenet_tcp_sendrecv_portmap_port(
domain
)
Send and receive TCP traffic on the portmap port.
Module:
corenetwork
Layer:
kernel
corenet_tcp_sendrecv_postgresql_port(
domain
)
Send and receive TCP traffic on the postgresql port.
Module:
corenetwork
Layer:
kernel
corenet_tcp_sendrecv_printer_port(
domain
)
Send and receive TCP traffic on the printer port.
Module:
corenetwork
Layer:
kernel
corenet_tcp_sendrecv_pxe_port(
domain
)
Send and receive TCP traffic on the pxe port.
Module:
corenetwork
Layer:
kernel
corenet_tcp_sendrecv_radacct_port(
domain
)
Send and receive TCP traffic on the radacct port.
Module:
corenetwork
Layer:
kernel
corenet_tcp_sendrecv_radius_port(
domain
)
Send and receive TCP traffic on the radius port.
Module:
corenetwork
Layer:
kernel
corenet_tcp_sendrecv_reserved_port(
domain
)
Send and receive TCP network traffic on generic reserved ports.
Module:
corenetwork
Layer:
kernel
corenet_tcp_sendrecv_rsh_port(
domain
)
Send and receive TCP traffic on the rsh port.
Module:
corenetwork
Layer:
kernel
corenet_tcp_sendrecv_rsync_port(
domain
)
Send and receive TCP traffic on the rsync port.
Module:
corenetwork
Layer:
kernel
corenet_tcp_sendrecv_site_local_node(
domain
)
Send and receive TCP traffic on the site_local node.
Module:
corenetwork
Layer:
kernel
corenet_tcp_sendrecv_smbd_port(
domain
)
Send and receive TCP traffic on the smbd port.
Module:
corenetwork
Layer:
kernel
corenet_tcp_sendrecv_smtp_port(
domain
)
Send and receive TCP traffic on the smtp port.
Module:
corenetwork
Layer:
kernel
corenet_tcp_sendrecv_snmp_port(
domain
)
Send and receive TCP traffic on the snmp port.
Module:
corenetwork
Layer:
kernel
corenet_tcp_sendrecv_ssh_port(
domain
)
Send and receive TCP traffic on the ssh port.
Module:
corenetwork
Layer:
kernel
corenet_tcp_sendrecv_swat_port(
domain
)
Send and receive TCP traffic on the swat port.
Module:
corenetwork
Layer:
kernel
corenet_tcp_sendrecv_syslogd_port(
domain
)
Send and receive TCP traffic on the syslogd port.
Module:
corenetwork
Layer:
kernel
corenet_tcp_sendrecv_telnetd_port(
domain
)
Send and receive TCP traffic on the telnetd port.
Module:
corenetwork
Layer:
kernel
corenet_tcp_sendrecv_tftp_port(
domain
)
Send and receive TCP traffic on the tftp port.
Module:
corenetwork
Layer:
kernel
corenet_tcp_sendrecv_unspec_node(
domain
)
Send and receive TCP traffic on the unspec node.
Module:
corenetwork
Layer:
kernel
corenet_tcp_sendrecv_vnc_port(
domain
)
Send and receive TCP traffic on the vnc port.
Module:
corenetwork
Layer:
kernel
corenet_tcp_sendrecv_xserver_port(
domain
)
Send and receive TCP traffic on the xserver port.
Module:
corenetwork
Layer:
kernel
corenet_tcp_sendrecv_zebra_port(
domain
)
Send and receive TCP traffic on the zebra port.
Module:
corenetwork
Layer:
kernel
corenet_udp_bind_all_nodes(
domain
)
Bind UDP sockets to all nodes.
Module:
corenetwork
Layer:
kernel
corenet_udp_bind_all_ports(
domain
)
Bind UDP sockets to all ports.
Module:
corenetwork
Layer:
kernel
corenet_udp_bind_all_reserved_ports(
domain
)
Bind UDP sockets to all reserved ports.
Module:
corenetwork
Layer:
kernel
corenet_udp_bind_amanda_port(
domain
)
Bind UDP sockets to the amanda port.
Module:
corenetwork
Layer:
kernel
corenet_udp_bind_compat_ipv4_node(
domain
)
Bind UDP sockets to the compat_ipv4 node.
Module:
corenetwork
Layer:
kernel
corenet_udp_bind_dbskkd_port(
domain
)
Bind UDP sockets to the dbskkd port.
Module:
corenetwork
Layer:
kernel
corenet_udp_bind_dhcpc_port(
domain
)
Bind UDP sockets to the dhcpc port.
Module:
corenetwork
Layer:
kernel
corenet_udp_bind_dhcpd_port(
domain
)
Bind UDP sockets to the dhcpd port.
Module:
corenetwork
Layer:
kernel
corenet_udp_bind_dict_port(
domain
)
Bind UDP sockets to the dict port.
Module:
corenetwork
Layer:
kernel
corenet_udp_bind_dns_port(
domain
)
Bind UDP sockets to the dns port.
Module:
corenetwork
Layer:
kernel
corenet_udp_bind_fingerd_port(
domain
)
Bind UDP sockets to the fingerd port.
Module:
corenetwork
Layer:
kernel
corenet_udp_bind_ftp_data_port(
domain
)
Bind UDP sockets to the ftp_data port.
Module:
corenetwork
Layer:
kernel
corenet_udp_bind_ftp_port(
domain
)
Bind UDP sockets to the ftp port.
Module:
corenetwork
Layer:
kernel
corenet_udp_bind_generic_node(
domain
)
Bind UDP sockets to generic nodes.
Module:
corenetwork
Layer:
kernel
corenet_udp_bind_generic_port(
domain
)
Bind UDP sockets to generic ports.
Module:
corenetwork
Layer:
kernel
corenet_udp_bind_howl_port(
domain
)
Bind UDP sockets to the howl port.
Module:
corenetwork
Layer:
kernel
corenet_udp_bind_http_cache_port(
domain
)
Bind UDP sockets to the http_cache port.
Module:
corenetwork
Layer:
kernel
corenet_udp_bind_http_port(
domain
)
Bind UDP sockets to the http port.
Module:
corenetwork
Layer:
kernel
corenet_udp_bind_inaddr_any_node(
domain
)
Bind UDP sockets to the inaddr_any node.
Module:
corenetwork
Layer:
kernel
corenet_udp_bind_inetd_child_port(
domain
)
Bind UDP sockets to the inetd_child port.
Module:
corenetwork
Layer:
kernel
corenet_udp_bind_innd_port(
domain
)
Bind UDP sockets to the innd port.
Module:
corenetwork
Layer:
kernel
corenet_udp_bind_ipp_port(
domain
)
Bind UDP sockets to the ipp port.
Module:
corenetwork
Layer:
kernel
corenet_udp_bind_kerberos_admin_port(
domain
)
Bind UDP sockets to the kerberos_admin port.
Module:
corenetwork
Layer:
kernel
corenet_udp_bind_kerberos_master_port(
domain
)
Bind UDP sockets to the kerberos_master port.
Module:
corenetwork
Layer:
kernel
corenet_udp_bind_kerberos_port(
domain
)
Bind UDP sockets to the kerberos port.
Module:
corenetwork
Layer:
kernel
corenet_udp_bind_ktalkd_port(
domain
)
Bind UDP sockets to the ktalkd port.
Module:
corenetwork
Layer:
kernel
corenet_udp_bind_ldap_port(
domain
)
Bind UDP sockets to the ldap port.
Module:
corenetwork
Layer:
kernel
corenet_udp_bind_link_local_node(
domain
)
Bind UDP sockets to the link_local node.
Module:
corenetwork
Layer:
kernel
corenet_udp_bind_lo_node(
domain
)
Bind UDP sockets to the lo node.
Module:
corenetwork
Layer:
kernel
corenet_udp_bind_mail_port(
domain
)
Bind UDP sockets to the mail port.
Module:
corenetwork
Layer:
kernel
corenet_udp_bind_mapped_ipv4_node(
domain
)
Bind UDP sockets to the mapped_ipv4 node.
Module:
corenetwork
Layer:
kernel
corenet_udp_bind_multicast_node(
domain
)
Bind UDP sockets to the multicast node.
Module:
corenetwork
Layer:
kernel
corenet_udp_bind_mysqld_port(
domain
)
Bind UDP sockets to the mysqld port.
Module:
corenetwork
Layer:
kernel
corenet_udp_bind_nmbd_port(
domain
)
Bind UDP sockets to the nmbd port.
Module:
corenetwork
Layer:
kernel
corenet_udp_bind_pop_port(
domain
)
Bind UDP sockets to the pop port.
Module:
corenetwork
Layer:
kernel
corenet_udp_bind_portmap_port(
domain
)
Bind UDP sockets to the portmap port.
Module:
corenetwork
Layer:
kernel
corenet_udp_bind_postgresql_port(
domain
)
Bind UDP sockets to the postgresql port.
Module:
corenetwork
Layer:
kernel
corenet_udp_bind_printer_port(
domain
)
Bind UDP sockets to the printer port.
Module:
corenetwork
Layer:
kernel
corenet_udp_bind_pxe_port(
domain
)
Bind UDP sockets to the pxe port.
Module:
corenetwork
Layer:
kernel
corenet_udp_bind_radacct_port(
domain
)
Bind UDP sockets to the radacct port.
Module:
corenetwork
Layer:
kernel
corenet_udp_bind_radius_port(
domain
)
Bind UDP sockets to the radius port.
Module:
corenetwork
Layer:
kernel
corenet_udp_bind_reserved_port(
domain
)
Bind UDP sockets to generic reserved ports.
Module:
corenetwork
Layer:
kernel
corenet_udp_bind_rsh_port(
domain
)
Bind UDP sockets to the rsh port.
Module:
corenetwork
Layer:
kernel
corenet_udp_bind_rsync_port(
domain
)
Bind UDP sockets to the rsync port.
Module:
corenetwork
Layer:
kernel
corenet_udp_bind_site_local_node(
domain
)
Bind UDP sockets to the site_local node.
Module:
corenetwork
Layer:
kernel
corenet_udp_bind_smbd_port(
domain
)
Bind UDP sockets to the smbd port.
Module:
corenetwork
Layer:
kernel
corenet_udp_bind_smtp_port(
domain
)
Bind UDP sockets to the smtp port.
Module:
corenetwork
Layer:
kernel
corenet_udp_bind_snmp_port(
domain
)
Bind UDP sockets to the snmp port.
Module:
corenetwork
Layer:
kernel
corenet_udp_bind_ssh_port(
domain
)
Bind UDP sockets to the ssh port.
Module:
corenetwork
Layer:
kernel
corenet_udp_bind_swat_port(
domain
)
Bind UDP sockets to the swat port.
Module:
corenetwork
Layer:
kernel
corenet_udp_bind_syslogd_port(
domain
)
Bind UDP sockets to the syslogd port.
Module:
corenetwork
Layer:
kernel
corenet_udp_bind_telnetd_port(
domain
)
Bind UDP sockets to the telnetd port.
Module:
corenetwork
Layer:
kernel
corenet_udp_bind_tftp_port(
domain
)
Bind UDP sockets to the tftp port.
Module:
corenetwork
Layer:
kernel
corenet_udp_bind_unspec_node(
domain
)
Bind UDP sockets to the unspec node.
Module:
corenetwork
Layer:
kernel
corenet_udp_bind_vnc_port(
domain
)
Bind UDP sockets to the vnc port.
Module:
corenetwork
Layer:
kernel
corenet_udp_bind_xserver_port(
domain
)
Bind UDP sockets to the xserver port.
Module:
corenetwork
Layer:
kernel
corenet_udp_bind_zebra_port(
domain
)
Bind UDP sockets to the zebra port.
Module:
corenetwork
Layer:
kernel
corenet_udp_receive_all_if(
domain
)
Receive UDP network traffic on all interfaces.
Module:
corenetwork
Layer:
kernel
corenet_udp_receive_all_nodes(
domain
)
Receive UDP network traffic on all nodes.
Module:
corenetwork
Layer:
kernel
corenet_udp_receive_all_ports(
domain
)
Receive UDP network traffic on all ports.
Module:
corenetwork
Layer:
kernel
corenet_udp_receive_all_reserved_ports(
domain
)
Receive UDP network traffic on all reserved ports.
Module:
corenetwork
Layer:
kernel
corenet_udp_receive_amanda_port(
domain
)
Receive UDP traffic on the amanda port.
Module:
corenetwork
Layer:
kernel
corenet_udp_receive_compat_ipv4_node(
domain
)
Receive UDP traffic on the compat_ipv4 node.
Module:
corenetwork
Layer:
kernel
corenet_udp_receive_dbskkd_port(
domain
)
Receive UDP traffic on the dbskkd port.
Module:
corenetwork
Layer:
kernel
corenet_udp_receive_dhcpc_port(
domain
)
Receive UDP traffic on the dhcpc port.
Module:
corenetwork
Layer:
kernel
corenet_udp_receive_dhcpd_port(
domain
)
Receive UDP traffic on the dhcpd port.
Module:
corenetwork
Layer:
kernel
corenet_udp_receive_dict_port(
domain
)
Receive UDP traffic on the dict port.
Module:
corenetwork
Layer:
kernel
corenet_udp_receive_dns_port(
domain
)
Receive UDP traffic on the dns port.
Module:
corenetwork
Layer:
kernel
corenet_udp_receive_eth0(
domain
)
Receive UDP network traffic on the eth0 interface.
Module:
corenetwork
Layer:
kernel
corenet_udp_receive_eth1(
domain
)
Receive UDP network traffic on the eth1 interface.
Module:
corenetwork
Layer:
kernel
corenet_udp_receive_eth2(
domain
)
Receive UDP network traffic on the eth2 interface.
Module:
corenetwork
Layer:
kernel
corenet_udp_receive_fingerd_port(
domain
)
Receive UDP traffic on the fingerd port.
Module:
corenetwork
Layer:
kernel
corenet_udp_receive_ftp_data_port(
domain
)
Receive UDP traffic on the ftp_data port.
Module:
corenetwork
Layer:
kernel
corenet_udp_receive_ftp_port(
domain
)
Receive UDP traffic on the ftp port.
Module:
corenetwork
Layer:
kernel
corenet_udp_receive_generic_if(
domain
)
Receive UDP network traffic on generic interfaces.
Module:
corenetwork
Layer:
kernel
corenet_udp_receive_generic_node(
domain
)
Receive UDP network traffic on generic nodes.
Module:
corenetwork
Layer:
kernel
corenet_udp_receive_generic_port(
domain
)
Receive UDP network traffic on generic ports.
Module:
corenetwork
Layer:
kernel
corenet_udp_receive_howl_port(
domain
)
Receive UDP traffic on the howl port.
Module:
corenetwork
Layer:
kernel
corenet_udp_receive_http_cache_port(
domain
)
Receive UDP traffic on the http_cache port.
Module:
corenetwork
Layer:
kernel
corenet_udp_receive_http_port(
domain
)
Receive UDP traffic on the http port.
Module:
corenetwork
Layer:
kernel
corenet_udp_receive_inaddr_any_node(
domain
)
Receive UDP traffic on the inaddr_any node.
Module:
corenetwork
Layer:
kernel
corenet_udp_receive_inetd_child_port(
domain
)
Receive UDP traffic on the inetd_child port.
Module:
corenetwork
Layer:
kernel
corenet_udp_receive_innd_port(
domain
)
Receive UDP traffic on the innd port.
Module:
corenetwork
Layer:
kernel
corenet_udp_receive_ipp_port(
domain
)
Receive UDP traffic on the ipp port.
Module:
corenetwork
Layer:
kernel
corenet_udp_receive_ippp0(
domain
)
Receive UDP network traffic on the ippp0 interface.
Module:
corenetwork
Layer:
kernel
corenet_udp_receive_ipsec0(
domain
)
Receive UDP network traffic on the ipsec0 interface.
Module:
corenetwork
Layer:
kernel
corenet_udp_receive_ipsec1(
domain
)
Receive UDP network traffic on the ipsec1 interface.
Module:
corenetwork
Layer:
kernel
corenet_udp_receive_ipsec2(
domain
)
Receive UDP network traffic on the ipsec2 interface.
Module:
corenetwork
Layer:
kernel
corenet_udp_receive_kerberos_admin_port(
domain
)
Receive UDP traffic on the kerberos_admin port.
Module:
corenetwork
Layer:
kernel
corenet_udp_receive_kerberos_master_port(
domain
)
Receive UDP traffic on the kerberos_master port.
Module:
corenetwork
Layer:
kernel
corenet_udp_receive_kerberos_port(
domain
)
Receive UDP traffic on the kerberos port.
Module:
corenetwork
Layer:
kernel
corenet_udp_receive_ktalkd_port(
domain
)
Receive UDP traffic on the ktalkd port.
Module:
corenetwork
Layer:
kernel
corenet_udp_receive_ldap_port(
domain
)
Receive UDP traffic on the ldap port.
Module:
corenetwork
Layer:
kernel
corenet_udp_receive_link_local_node(
domain
)
Receive UDP traffic on the link_local node.
Module:
corenetwork
Layer:
kernel
corenet_udp_receive_lo(
domain
)
Receive UDP network traffic on the lo interface.
Module:
corenetwork
Layer:
kernel
corenet_udp_receive_lo_node(
domain
)
Receive UDP traffic on the lo node.
Module:
corenetwork
Layer:
kernel
corenet_udp_receive_mail_port(
domain
)
Receive UDP traffic on the mail port.
Module:
corenetwork
Layer:
kernel
corenet_udp_receive_mapped_ipv4_node(
domain
)
Receive UDP traffic on the mapped_ipv4 node.
Module:
corenetwork
Layer:
kernel
corenet_udp_receive_multicast_node(
domain
)
Receive UDP traffic on the multicast node.
Module:
corenetwork
Layer:
kernel
corenet_udp_receive_mysqld_port(
domain
)
Receive UDP traffic on the mysqld port.
Module:
corenetwork
Layer:
kernel
corenet_udp_receive_nmbd_port(
domain
)
Receive UDP traffic on the nmbd port.
Module:
corenetwork
Layer:
kernel
corenet_udp_receive_pop_port(
domain
)
Receive UDP traffic on the pop port.
Module:
corenetwork
Layer:
kernel
corenet_udp_receive_portmap_port(
domain
)
Receive UDP traffic on the portmap port.
Module:
corenetwork
Layer:
kernel
corenet_udp_receive_postgresql_port(
domain
)
Receive UDP traffic on the postgresql port.
Module:
corenetwork
Layer:
kernel
corenet_udp_receive_printer_port(
domain
)
Receive UDP traffic on the printer port.
Module:
corenetwork
Layer:
kernel
corenet_udp_receive_pxe_port(
domain
)
Receive UDP traffic on the pxe port.
Module:
corenetwork
Layer:
kernel
corenet_udp_receive_radacct_port(
domain
)
Receive UDP traffic on the radacct port.
Module:
corenetwork
Layer:
kernel
corenet_udp_receive_radius_port(
domain
)
Receive UDP traffic on the radius port.
Module:
corenetwork
Layer:
kernel
corenet_udp_receive_reserved_port(
domain
)
Receive UDP network traffic on generic reserved ports.
Module:
corenetwork
Layer:
kernel
corenet_udp_receive_rsh_port(
domain
)
Receive UDP traffic on the rsh port.
Module:
corenetwork
Layer:
kernel
corenet_udp_receive_rsync_port(
domain
)
Receive UDP traffic on the rsync port.
Module:
corenetwork
Layer:
kernel
corenet_udp_receive_site_local_node(
domain
)
Receive UDP traffic on the site_local node.
Module:
corenetwork
Layer:
kernel
corenet_udp_receive_smbd_port(
domain
)
Receive UDP traffic on the smbd port.
Module:
corenetwork
Layer:
kernel
corenet_udp_receive_smtp_port(
domain
)
Receive UDP traffic on the smtp port.
Module:
corenetwork
Layer:
kernel
corenet_udp_receive_snmp_port(
domain
)
Receive UDP traffic on the snmp port.
Module:
corenetwork
Layer:
kernel
corenet_udp_receive_ssh_port(
domain
)
Receive UDP traffic on the ssh port.
Module:
corenetwork
Layer:
kernel
corenet_udp_receive_swat_port(
domain
)
Receive UDP traffic on the swat port.
Module:
corenetwork
Layer:
kernel
corenet_udp_receive_syslogd_port(
domain
)
Receive UDP traffic on the syslogd port.
Module:
corenetwork
Layer:
kernel
corenet_udp_receive_telnetd_port(
domain
)
Receive UDP traffic on the telnetd port.
Module:
corenetwork
Layer:
kernel
corenet_udp_receive_tftp_port(
domain
)
Receive UDP traffic on the tftp port.
Module:
corenetwork
Layer:
kernel
corenet_udp_receive_unspec_node(
domain
)
Receive UDP traffic on the unspec node.
Module:
corenetwork
Layer:
kernel
corenet_udp_receive_vnc_port(
domain
)
Receive UDP traffic on the vnc port.
Module:
corenetwork
Layer:
kernel
corenet_udp_receive_xserver_port(
domain
)
Receive UDP traffic on the xserver port.
Module:
corenetwork
Layer:
kernel
corenet_udp_receive_zebra_port(
domain
)
Receive UDP traffic on the zebra port.
Module:
corenetwork
Layer:
kernel
corenet_udp_send_all_if(
domain
)
Send UDP network traffic on all interfaces.
Module:
corenetwork
Layer:
kernel
corenet_udp_send_all_nodes(
domain
)
Send UDP network traffic on all nodes.
Module:
corenetwork
Layer:
kernel
corenet_udp_send_all_ports(
domain
)
Send UDP network traffic on all ports.
Module:
corenetwork
Layer:
kernel
corenet_udp_send_all_reserved_ports(
domain
)
Send UDP network traffic on all reserved ports.
Module:
corenetwork
Layer:
kernel
corenet_udp_send_amanda_port(
domain
)
Send UDP traffic on the amanda port.
Module:
corenetwork
Layer:
kernel
corenet_udp_send_compat_ipv4_node(
domain
)
Send UDP traffic on the compat_ipv4 node.
Module:
corenetwork
Layer:
kernel
corenet_udp_send_dbskkd_port(
domain
)
Send UDP traffic on the dbskkd port.
Module:
corenetwork
Layer:
kernel
corenet_udp_send_dhcpc_port(
domain
)
Send UDP traffic on the dhcpc port.
Module:
corenetwork
Layer:
kernel
corenet_udp_send_dhcpd_port(
domain
)
Send UDP traffic on the dhcpd port.
Module:
corenetwork
Layer:
kernel
corenet_udp_send_dict_port(
domain
)
Send UDP traffic on the dict port.
Module:
corenetwork
Layer:
kernel
corenet_udp_send_dns_port(
domain
)
Send UDP traffic on the dns port.
Module:
corenetwork
Layer:
kernel
corenet_udp_send_eth0(
domain
)
Send UDP network traffic on the eth0 interface.
Module:
corenetwork
Layer:
kernel
corenet_udp_send_eth1(
domain
)
Send UDP network traffic on the eth1 interface.
Module:
corenetwork
Layer:
kernel
corenet_udp_send_eth2(
domain
)
Send UDP network traffic on the eth2 interface.
Module:
corenetwork
Layer:
kernel
corenet_udp_send_fingerd_port(
domain
)
Send UDP traffic on the fingerd port.
Module:
corenetwork
Layer:
kernel
corenet_udp_send_ftp_data_port(
domain
)
Send UDP traffic on the ftp_data port.
Module:
corenetwork
Layer:
kernel
corenet_udp_send_ftp_port(
domain
)
Send UDP traffic on the ftp port.
Module:
corenetwork
Layer:
kernel
corenet_udp_send_generic_if(
domain
)
Send UDP network traffic on generic interfaces.
Module:
corenetwork
Layer:
kernel
corenet_udp_send_generic_node(
domain
)
Send UDP network traffic on generic nodes.
Module:
corenetwork
Layer:
kernel
corenet_udp_send_generic_port(
domain
)
Send UDP network traffic on generic ports.
Module:
corenetwork
Layer:
kernel
corenet_udp_send_howl_port(
domain
)
Send UDP traffic on the howl port.
Module:
corenetwork
Layer:
kernel
corenet_udp_send_http_cache_port(
domain
)
Send UDP traffic on the http_cache port.
Module:
corenetwork
Layer:
kernel
corenet_udp_send_http_port(
domain
)
Send UDP traffic on the http port.
Module:
corenetwork
Layer:
kernel
corenet_udp_send_inaddr_any_node(
domain
)
Send UDP traffic on the inaddr_any node.
Module:
corenetwork
Layer:
kernel
corenet_udp_send_inetd_child_port(
domain
)
Send UDP traffic on the inetd_child port.
Module:
corenetwork
Layer:
kernel
corenet_udp_send_innd_port(
domain
)
Send UDP traffic on the innd port.
Module:
corenetwork
Layer:
kernel
corenet_udp_send_ipp_port(
domain
)
Send UDP traffic on the ipp port.
Module:
corenetwork
Layer:
kernel
corenet_udp_send_ippp0(
domain
)
Send UDP network traffic on the ippp0 interface.
Module:
corenetwork
Layer:
kernel
corenet_udp_send_ipsec0(
domain
)
Send UDP network traffic on the ipsec0 interface.
Module:
corenetwork
Layer:
kernel
corenet_udp_send_ipsec1(
domain
)
Send UDP network traffic on the ipsec1 interface.
Module:
corenetwork
Layer:
kernel
corenet_udp_send_ipsec2(
domain
)
Send UDP network traffic on the ipsec2 interface.
Module:
corenetwork
Layer:
kernel
corenet_udp_send_kerberos_admin_port(
domain
)
Send UDP traffic on the kerberos_admin port.
Module:
corenetwork
Layer:
kernel
corenet_udp_send_kerberos_master_port(
domain
)
Send UDP traffic on the kerberos_master port.
Module:
corenetwork
Layer:
kernel
corenet_udp_send_kerberos_port(
domain
)
Send UDP traffic on the kerberos port.
Module:
corenetwork
Layer:
kernel
corenet_udp_send_ktalkd_port(
domain
)
Send UDP traffic on the ktalkd port.
Module:
corenetwork
Layer:
kernel
corenet_udp_send_ldap_port(
domain
)
Send UDP traffic on the ldap port.
Module:
corenetwork
Layer:
kernel
corenet_udp_send_link_local_node(
domain
)
Send UDP traffic on the link_local node.
Module:
corenetwork
Layer:
kernel
corenet_udp_send_lo(
domain
)
Send UDP network traffic on the lo interface.
Module:
corenetwork
Layer:
kernel
corenet_udp_send_lo_node(
domain
)
Send UDP traffic on the lo node.
Module:
corenetwork
Layer:
kernel
corenet_udp_send_mail_port(
domain
)
Send UDP traffic on the mail port.
Module:
corenetwork
Layer:
kernel
corenet_udp_send_mapped_ipv4_node(
domain
)
Send UDP traffic on the mapped_ipv4 node.
Module:
corenetwork
Layer:
kernel
corenet_udp_send_multicast_node(
domain
)
Send UDP traffic on the multicast node.
Module:
corenetwork
Layer:
kernel
corenet_udp_send_mysqld_port(
domain
)
Send UDP traffic on the mysqld port.
Module:
corenetwork
Layer:
kernel
corenet_udp_send_nmbd_port(
domain
)
Send UDP traffic on the nmbd port.
Module:
corenetwork
Layer:
kernel
corenet_udp_send_pop_port(
domain
)
Send UDP traffic on the pop port.
Module:
corenetwork
Layer:
kernel
corenet_udp_send_portmap_port(
domain
)
Send UDP traffic on the portmap port.
Module:
corenetwork
Layer:
kernel
corenet_udp_send_postgresql_port(
domain
)
Send UDP traffic on the postgresql port.
Module:
corenetwork
Layer:
kernel
corenet_udp_send_printer_port(
domain
)
Send UDP traffic on the printer port.
Module:
corenetwork
Layer:
kernel
corenet_udp_send_pxe_port(
domain
)
Send UDP traffic on the pxe port.
Module:
corenetwork
Layer:
kernel
corenet_udp_send_radacct_port(
domain
)
Send UDP traffic on the radacct port.
Module:
corenetwork
Layer:
kernel
corenet_udp_send_radius_port(
domain
)
Send UDP traffic on the radius port.
Module:
corenetwork
Layer:
kernel
corenet_udp_send_reserved_port(
domain
)
Send UDP network traffic on generic reserved ports.
Module:
corenetwork
Layer:
kernel
corenet_udp_send_rsh_port(
domain
)
Send UDP traffic on the rsh port.
Module:
corenetwork
Layer:
kernel
corenet_udp_send_rsync_port(
domain
)
Send UDP traffic on the rsync port.
Module:
corenetwork
Layer:
kernel
corenet_udp_send_site_local_node(
domain
)
Send UDP traffic on the site_local node.
Module:
corenetwork
Layer:
kernel
corenet_udp_send_smbd_port(
domain
)
Send UDP traffic on the smbd port.
Module:
corenetwork
Layer:
kernel
corenet_udp_send_smtp_port(
domain
)
Send UDP traffic on the smtp port.
Module:
corenetwork
Layer:
kernel
corenet_udp_send_snmp_port(
domain
)
Send UDP traffic on the snmp port.
Module:
corenetwork
Layer:
kernel
corenet_udp_send_ssh_port(
domain
)
Send UDP traffic on the ssh port.
Module:
corenetwork
Layer:
kernel
corenet_udp_send_swat_port(
domain
)
Send UDP traffic on the swat port.
Module:
corenetwork
Layer:
kernel
corenet_udp_send_syslogd_port(
domain
)
Send UDP traffic on the syslogd port.
Module:
corenetwork
Layer:
kernel
corenet_udp_send_telnetd_port(
domain
)
Send UDP traffic on the telnetd port.
Module:
corenetwork
Layer:
kernel
corenet_udp_send_tftp_port(
domain
)
Send UDP traffic on the tftp port.
Module:
corenetwork
Layer:
kernel
corenet_udp_send_unspec_node(
domain
)
Send UDP traffic on the unspec node.
Module:
corenetwork
Layer:
kernel
corenet_udp_send_vnc_port(
domain
)
Send UDP traffic on the vnc port.
Module:
corenetwork
Layer:
kernel
corenet_udp_send_xserver_port(
domain
)
Send UDP traffic on the xserver port.
Module:
corenetwork
Layer:
kernel
corenet_udp_send_zebra_port(
domain
)
Send UDP traffic on the zebra port.
Module:
corenetwork
Layer:
kernel
corenet_udp_sendrecv_all_if(
domain
)
Send and receive UDP network traffic on all interfaces.
Module:
corenetwork
Layer:
kernel
corenet_udp_sendrecv_all_nodes(
domain
)
Send and receive UDP network traffic on all nodes.
Module:
corenetwork
Layer:
kernel
corenet_udp_sendrecv_all_ports(
domain
)
Send and receive UDP network traffic on all ports.
Module:
corenetwork
Layer:
kernel
corenet_udp_sendrecv_all_reserved_ports(
domain
)
Send and receive UDP network traffic on all reserved ports.
Module:
corenetwork
Layer:
kernel
corenet_udp_sendrecv_amanda_port(
domain
)
Send and receive UDP traffic on the amanda port.
Module:
corenetwork
Layer:
kernel
corenet_udp_sendrecv_compat_ipv4_node(
domain
)
Send and receive UDP traffic on the compat_ipv4 node.
Module:
corenetwork
Layer:
kernel
corenet_udp_sendrecv_dbskkd_port(
domain
)
Send and receive UDP traffic on the dbskkd port.
Module:
corenetwork
Layer:
kernel
corenet_udp_sendrecv_dhcpc_port(
domain
)
Send and receive UDP traffic on the dhcpc port.
Module:
corenetwork
Layer:
kernel
corenet_udp_sendrecv_dhcpd_port(
domain
)
Send and receive UDP traffic on the dhcpd port.
Module:
corenetwork
Layer:
kernel
corenet_udp_sendrecv_dict_port(
domain
)
Send and receive UDP traffic on the dict port.
Module:
corenetwork
Layer:
kernel
corenet_udp_sendrecv_dns_port(
domain
)
Send and receive UDP traffic on the dns port.
Module:
corenetwork
Layer:
kernel
corenet_udp_sendrecv_eth0(
domain
)
Send and receive UDP network traffic on the eth0 interface.
Module:
corenetwork
Layer:
kernel
corenet_udp_sendrecv_eth1(
domain
)
Send and receive UDP network traffic on the eth1 interface.
Module:
corenetwork
Layer:
kernel
corenet_udp_sendrecv_eth2(
domain
)
Send and receive UDP network traffic on the eth2 interface.
Module:
corenetwork
Layer:
kernel
corenet_udp_sendrecv_fingerd_port(
domain
)
Send and receive UDP traffic on the fingerd port.
Module:
corenetwork
Layer:
kernel
corenet_udp_sendrecv_ftp_data_port(
domain
)
Send and receive UDP traffic on the ftp_data port.
Module:
corenetwork
Layer:
kernel
corenet_udp_sendrecv_ftp_port(
domain
)
Send and receive UDP traffic on the ftp port.
Module:
corenetwork
Layer:
kernel
corenet_udp_sendrecv_generic_if(
domain
)
Send and Receive UDP network traffic on generic interfaces.
Module:
corenetwork
Layer:
kernel
corenet_udp_sendrecv_generic_node(
domain
)
Send and receive UDP network traffic on generic nodes.
Module:
corenetwork
Layer:
kernel
corenet_udp_sendrecv_generic_port(
domain
)
Send and receive UDP network traffic on generic ports.
Module:
corenetwork
Layer:
kernel
corenet_udp_sendrecv_howl_port(
domain
)
Send and receive UDP traffic on the howl port.
Module:
corenetwork
Layer:
kernel
corenet_udp_sendrecv_http_cache_port(
domain
)
Send and receive UDP traffic on the http_cache port.
Module:
corenetwork
Layer:
kernel
corenet_udp_sendrecv_http_port(
domain
)
Send and receive UDP traffic on the http port.
Module:
corenetwork
Layer:
kernel
corenet_udp_sendrecv_inaddr_any_node(
domain
)
Send and receive UDP traffic on the inaddr_any node.
Module:
corenetwork
Layer:
kernel
corenet_udp_sendrecv_inetd_child_port(
domain
)
Send and receive UDP traffic on the inetd_child port.
Module:
corenetwork
Layer:
kernel
corenet_udp_sendrecv_innd_port(
domain
)
Send and receive UDP traffic on the innd port.
Module:
corenetwork
Layer:
kernel
corenet_udp_sendrecv_ipp_port(
domain
)
Send and receive UDP traffic on the ipp port.
Module:
corenetwork
Layer:
kernel
corenet_udp_sendrecv_ippp0(
domain
)
Send and receive UDP network traffic on the ippp0 interface.
Module:
corenetwork
Layer:
kernel
corenet_udp_sendrecv_ipsec0(
domain
)
Send and receive UDP network traffic on the ipsec0 interface.
Module:
corenetwork
Layer:
kernel
corenet_udp_sendrecv_ipsec1(
domain
)
Send and receive UDP network traffic on the ipsec1 interface.
Module:
corenetwork
Layer:
kernel
corenet_udp_sendrecv_ipsec2(
domain
)
Send and receive UDP network traffic on the ipsec2 interface.
Module:
corenetwork
Layer:
kernel
corenet_udp_sendrecv_kerberos_admin_port(
domain
)
Send and receive UDP traffic on the kerberos_admin port.
Module:
corenetwork
Layer:
kernel
corenet_udp_sendrecv_kerberos_master_port(
domain
)
Send and receive UDP traffic on the kerberos_master port.
Module:
corenetwork
Layer:
kernel
corenet_udp_sendrecv_kerberos_port(
domain
)
Send and receive UDP traffic on the kerberos port.
Module:
corenetwork
Layer:
kernel
corenet_udp_sendrecv_ktalkd_port(
domain
)
Send and receive UDP traffic on the ktalkd port.
Module:
corenetwork
Layer:
kernel
corenet_udp_sendrecv_ldap_port(
domain
)
Send and receive UDP traffic on the ldap port.
Module:
corenetwork
Layer:
kernel
corenet_udp_sendrecv_link_local_node(
domain
)
Send and receive UDP traffic on the link_local node.
Module:
corenetwork
Layer:
kernel
corenet_udp_sendrecv_lo(
domain
)
Send and receive UDP network traffic on the lo interface.
Module:
corenetwork
Layer:
kernel
corenet_udp_sendrecv_lo_node(
domain
)
Send and receive UDP traffic on the lo node.
Module:
corenetwork
Layer:
kernel
corenet_udp_sendrecv_mail_port(
domain
)
Send and receive UDP traffic on the mail port.
Module:
corenetwork
Layer:
kernel
corenet_udp_sendrecv_mapped_ipv4_node(
domain
)
Send and receive UDP traffic on the mapped_ipv4 node.
Module:
corenetwork
Layer:
kernel
corenet_udp_sendrecv_multicast_node(
domain
)
Send and receive UDP traffic on the multicast node.
Module:
corenetwork
Layer:
kernel
corenet_udp_sendrecv_mysqld_port(
domain
)
Send and receive UDP traffic on the mysqld port.
Module:
corenetwork
Layer:
kernel
corenet_udp_sendrecv_nmbd_port(
domain
)
Send and receive UDP traffic on the nmbd port.
Module:
corenetwork
Layer:
kernel
corenet_udp_sendrecv_pop_port(
domain
)
Send and receive UDP traffic on the pop port.
Module:
corenetwork
Layer:
kernel
corenet_udp_sendrecv_portmap_port(
domain
)
Send and receive UDP traffic on the portmap port.
Module:
corenetwork
Layer:
kernel
corenet_udp_sendrecv_postgresql_port(
domain
)
Send and receive UDP traffic on the postgresql port.
Module:
corenetwork
Layer:
kernel
corenet_udp_sendrecv_printer_port(
domain
)
Send and receive UDP traffic on the printer port.
Module:
corenetwork
Layer:
kernel
corenet_udp_sendrecv_pxe_port(
domain
)
Send and receive UDP traffic on the pxe port.
Module:
corenetwork
Layer:
kernel
corenet_udp_sendrecv_radacct_port(
domain
)
Send and receive UDP traffic on the radacct port.
Module:
corenetwork
Layer:
kernel
corenet_udp_sendrecv_radius_port(
domain
)
Send and receive UDP traffic on the radius port.
Module:
corenetwork
Layer:
kernel
corenet_udp_sendrecv_reserved_port(
domain
)
Send and receive UDP network traffic on generic reserved ports.
Module:
corenetwork
Layer:
kernel
corenet_udp_sendrecv_rsh_port(
domain
)
Send and receive UDP traffic on the rsh port.
Module:
corenetwork
Layer:
kernel
corenet_udp_sendrecv_rsync_port(
domain
)
Send and receive UDP traffic on the rsync port.
Module:
corenetwork
Layer:
kernel
corenet_udp_sendrecv_site_local_node(
domain
)
Send and receive UDP traffic on the site_local node.
Module:
corenetwork
Layer:
kernel
corenet_udp_sendrecv_smbd_port(
domain
)
Send and receive UDP traffic on the smbd port.
Module:
corenetwork
Layer:
kernel
corenet_udp_sendrecv_smtp_port(
domain
)
Send and receive UDP traffic on the smtp port.
Module:
corenetwork
Layer:
kernel
corenet_udp_sendrecv_snmp_port(
domain
)
Send and receive UDP traffic on the snmp port.
Module:
corenetwork
Layer:
kernel
corenet_udp_sendrecv_ssh_port(
domain
)
Send and receive UDP traffic on the ssh port.
Module:
corenetwork
Layer:
kernel
corenet_udp_sendrecv_swat_port(
domain
)
Send and receive UDP traffic on the swat port.
Module:
corenetwork
Layer:
kernel
corenet_udp_sendrecv_syslogd_port(
domain
)
Send and receive UDP traffic on the syslogd port.
Module:
corenetwork
Layer:
kernel
corenet_udp_sendrecv_telnetd_port(
domain
)
Send and receive UDP traffic on the telnetd port.
Module:
corenetwork
Layer:
kernel
corenet_udp_sendrecv_tftp_port(
domain
)
Send and receive UDP traffic on the tftp port.
Module:
corenetwork
Layer:
kernel
corenet_udp_sendrecv_unspec_node(
domain
)
Send and receive UDP traffic on the unspec node.
Module:
corenetwork
Layer:
kernel
corenet_udp_sendrecv_vnc_port(
domain
)
Send and receive UDP traffic on the vnc port.
Module:
corenetwork
Layer:
kernel
corenet_udp_sendrecv_xserver_port(
domain
)
Send and receive UDP traffic on the xserver port.
Module:
corenetwork
Layer:
kernel
corenet_udp_sendrecv_zebra_port(
domain
)
Send and receive UDP traffic on the zebra port.
Module:
corenetwork
Layer:
kernel
corenet_unconfined(
domain
)
Unconfined access to network objects.
Module:
corenetwork
Layer:
kernel
corenet_use_tun_tap_device(
domain
)
Read and write the TUN/TAP virtual network device.
Module:
cron
Layer:
services
cron_read_pipe(
domain
)
Read a cron daemon unnamed pipe
Module:
cron
Layer:
services
cron_rw_log(
domain
)
Read and write the cron daemon log files.
Module:
cron
Layer:
services
cron_search_spool(
domain
)
Search the directory containing user cron tables.
Module:
cron
Layer:
services
cron_system_entry(
domain
,
entrypoint
)
Make the specified program domain accessable
from the system cron jobs.
Module:
devices
Layer:
kernel
dev_create_dev_node(
domain
,
file
,
objectclass(es)
)
Create, read, and write device nodes. The node
will be transitioned to the type provided.
Module:
devices
Layer:
kernel
dev_create_dir(
domain
)
Create a directory in the device directory.
Module:
devices
Layer:
kernel
dev_create_generic_chr_file(
domain
)
Allow read, write, and create for generic character device files.
Module:
devices
Layer:
kernel
dev_del_generic_symlinks(
domain
)
Delete symbolic links in device directories.
Module:
devices
Layer:
kernel
dev_delete_lvm_control(
domain
)
Delete the lvm control device.
Module:
devices
Layer:
kernel
dev_dontaudit_getattr_all_blk_files(
domain
)
Dontaudit getattr on all block file device nodes.
Module:
devices
Layer:
kernel
dev_dontaudit_getattr_all_chr_files(
domain
)
Dontaudit getattr on all character file device nodes.
Module:
devices
Layer:
kernel
dev_dontaudit_getattr_apm_bios(
domain
)
Do not audit attempts to get the attributes of
the apm bios device node.
Module:
devices
Layer:
kernel
dev_dontaudit_getattr_generic_blk_file(
domain
)
Dontaudit getattr on generic block devices.
Module:
devices
Layer:
kernel
dev_dontaudit_getattr_generic_chr_file(
domain
)
Dontaudit getattr for generic character device files.
Module:
devices
Layer:
kernel
dev_dontaudit_getattr_generic_pipe(
domain
)
Dontaudit getattr on generic pipes.
Module:
devices
Layer:
kernel
dev_dontaudit_getattr_misc(
domain
)
Do not audit attempts to get the attributes
of miscellaneous devices.
Module:
devices
Layer:
kernel
dev_dontaudit_getattr_scanner(
domain
)
Do not audit attempts to get the attributes of
the scanner device.
Module:
devices
Layer:
kernel
dev_dontaudit_getattr_video_dev(
domain
)
Do not audit attempts to get the attributes
of video4linux device nodes.
Module:
devices
Layer:
kernel
dev_dontaudit_list_all_dev_nodes(
domain
)
Dontaudit attempts to list all device nodes.
Module:
devices
Layer:
kernel
dev_dontaudit_read_framebuffer(
domain
)
Do not audit attempts to read the framebuffer.
Module:
devices
Layer:
kernel
dev_dontaudit_rw_cardmgr(
domain
)
Do not audit attempts to read and
write the PCMCIA card manager device.
Module:
devices
Layer:
kernel
dev_dontaudit_rw_dri_dev(
domain
)
Dontaudit read and write on the dri devices.
Module:
devices
Layer:
kernel
dev_dontaudit_rw_generic_dev_nodes(
domain
)
Dontaudit getattr for generic device files.
Module:
devices
Layer:
kernel
dev_dontaudit_search_sysfs(
domain
)
Do not audit attempts to search sysfs.
Module:
devices
Layer:
kernel
dev_dontaudit_setattr_apm_bios(
domain
)
Do not audit attempts to set the attributes of
the apm bios device node.
Module:
devices
Layer:
kernel
dev_dontaudit_setattr_framebuffer(
domain
)
Dot not audit attempts to set the attributes
of the framebuffer device node.
Module:
devices
Layer:
kernel
dev_dontaudit_setattr_generic_blk_file(
domain
)
Dontaudit setattr on generic block devices.
Module:
devices
Layer:
kernel
dev_dontaudit_setattr_generic_chr_file(
domain
)
Dontaudit setattr for generic character device files.
Module:
devices
Layer:
kernel
dev_dontaudit_setattr_generic_symlink(
domain
)
Do not audit attempts to set the attributes
of symbolic links in device directories (/dev).
Module:
devices
Layer:
kernel
dev_dontaudit_setattr_misc(
domain
)
Do not audit attempts to set the attributes
of miscellaneous devices.
Module:
devices
Layer:
kernel
dev_dontaudit_setattr_scanner(
domain
)
Do not audit attempts to set the attributes of
the scanner device.
Module:
devices
Layer:
kernel
dev_dontaudit_setattr_video_dev(
domain
)
Do not audit attempts to set the attributes
of video4linux device nodes.
Module:
devices
Layer:
kernel
dev_getattr_all_blk_files(
domain
)
Getattr on all block file device nodes.
Module:
devices
Layer:
kernel
dev_getattr_all_chr_files(
domain
)
Getattr on all character file device nodes.
Module:
devices
Layer:
kernel
dev_getattr_apm_bios(
domain
)
Get the attributes of the apm bios device node.
Module:
devices
Layer:
kernel
dev_getattr_framebuffer(
domain
)
Get the attributes of the framebuffer device node.
Module:
devices
Layer:
kernel
dev_getattr_generic_blk_file(
domain
)
Allow getattr on generic block devices.
Module:
devices
Layer:
kernel
dev_getattr_generic_chr_file(
domain
)
Allow getattr for generic character device files.
Module:
devices
Layer:
kernel
dev_getattr_misc(
domain
)
Get the attributes of miscellaneous devices.
Module:
devices
Layer:
kernel
dev_getattr_mouse(
domain
)
Get the attributes of the mouse devices.
Module:
devices
Layer:
kernel
dev_getattr_power_management(
domain
)
Get the attributes of the the power management device.
Module:
devices
Layer:
kernel
dev_getattr_scanner(
domain
)
Get the attributes of the scanner device.
Module:
devices
Layer:
kernel
dev_getattr_snd_dev(
domain
)
Get the attributes of the sound devices.
Module:
devices
Layer:
kernel
dev_getattr_sysfs_dir(
domain
)
Get the attributes of sysfs directories.
Module:
devices
Layer:
kernel
dev_getattr_usbfs_dir(
domain
)
Get the attributes of a directory in the usb filesystem.
Module:
devices
Layer:
kernel
dev_getattr_video_dev(
domain
)
Get the attributes of video4linux devices.
Module:
devices
Layer:
kernel
dev_list_all_dev_nodes(
domain
)
List all of the device nodes in a device directory.
Module:
devices
Layer:
kernel
dev_list_sysfs(
domain
)
List the contents of the sysfs directories.
Module:
devices
Layer:
kernel
dev_list_usbfs(
domain
)
Allow caller to get a list of usb hardware.
Module:
devices
Layer:
kernel
dev_manage_all_blk_files(
domain
)
Read, write, create, and delete all block device files.
Module:
devices
Layer:
kernel
dev_manage_all_chr_files(
domain
)
Read, write, create, and delete all character device files.
Module:
devices
Layer:
kernel
dev_manage_dev_nodes(
domain
)
Create, delete, read, and write device nodes in device directories.
Module:
devices
Layer:
kernel
dev_manage_generic_blk_file(
domain
)
Allow read, write, create, and delete for generic
block files.
Module:
devices
Layer:
kernel
dev_manage_generic_blk_file(
domain
)
Create, delete, read, and write block device files.
Module:
devices
Layer:
kernel
dev_manage_generic_chr_file(
domain
)
Create, delete, read, and write character device files.
Module:
devices
Layer:
kernel
dev_manage_generic_symlinks(
domain
)
Create, delete, read, and write symbolic links in device directories.
Module:
devices
Layer:
kernel
dev_mount_usbfs(
domain
)
Mount a usbfs filesystem.
Module:
devices
Layer:
kernel
dev_node(
object_type
)
Make the passed in type a type appropriate for
use on device nodes (usually files in /dev).
Module:
devices
Layer:
kernel
dev_read_input(
domain
)
Read input event devices (/dev/input).
Module:
devices
Layer:
kernel
dev_read_lvm_control(
domain
)
Read the lvm comtrol device.
Module:
devices
Layer:
kernel
dev_read_misc(
domain
)
Read miscellaneous devices.
Module:
devices
Layer:
kernel
dev_read_rand(
domain
)
Read from random devices (e.g., /dev/random)
Module:
devices
Layer:
kernel
dev_read_raw_memory(
domain
)
Read raw memory devices (e.g. /dev/mem).
Module:
devices
Layer:
kernel
dev_read_realtime_clock(
domain
)
Read the realtime clock (/dev/rtc).
Module:
devices
Layer:
kernel
dev_read_snd_mixer_dev(
domain
)
Read the sound mixer devices.
Module:
devices
Layer:
kernel
dev_read_sysfs(
domain
)
Allow caller to read hardware state information.
Module:
devices
Layer:
kernel
dev_read_urand(
domain
)
Read from pseudo random devices (e.g., /dev/urandom)
Module:
devices
Layer:
kernel
dev_read_usbfs(
domain
)
Read USB hardware information using
the usbfs filesystem interface.
Module:
devices
Layer:
kernel
dev_relabel_all_dev_nodes(
domain
)
Allow full relabeling (to and from) of all device nodes.
Module:
devices
Layer:
kernel
dev_relabel_dev_dirs(
domain
)
Allow full relabeling (to and from) of directories in /dev.
Module:
devices
Layer:
kernel
dev_relabel_generic_symlinks(
domain
)
Relabel symbolic links in device directories.
Module:
devices
Layer:
kernel
dev_rw_agp_dev(
domain
)
Read and write the agp devices.
Module:
devices
Layer:
kernel
dev_rw_apm_bios(
domain
)
Read and write the apm bios.
Module:
devices
Layer:
kernel
dev_rw_cpu_microcode(
domain
)
Read and write the the CPU microcode device. This
is required to load CPU microcode.
Module:
devices
Layer:
kernel
dev_rw_dri_dev(
domain
)
Read and write the dri devices.
Module:
devices
Layer:
kernel
dev_rw_generic_file(
domain
)
Read and write generic files in /dev.
Module:
devices
Layer:
kernel
dev_rw_lvm_control(
domain
)
Read and write the lvm control device.
Module:
devices
Layer:
kernel
dev_rw_null_dev(
domain
)
Read and write to the null device (/dev/null).
Module:
devices
Layer:
kernel
dev_rw_power_management(
domain
)
Read and write the the power management device.
Module:
devices
Layer:
kernel
dev_rw_realtime_clock(
domain
)
Read and set the realtime clock (/dev/rtc).
Module:
devices
Layer:
kernel
dev_rw_scanner(
domain
)
Read and write the scanner device.
Module:
devices
Layer:
kernel
dev_rw_sysfs(
domain
)
Allow caller to modify hardware state information.
Module:
devices
Layer:
kernel
dev_rw_usbfs(
domain
)
Allow caller to modify usb hardware configuration files.
Module:
devices
Layer:
kernel
dev_rw_zero_dev(
domain
)
Read and write to the zero device (/dev/zero).
Module:
devices
Layer:
kernel
dev_rwx_zero_dev(
domain
)
Read, write, and execute the zero device (/dev/zero).
Module:
devices
Layer:
kernel
dev_rx_raw_memory(
domain
)
Read and execute raw memory devices (e.g. /dev/mem).
Module:
devices
Layer:
kernel
dev_search_sysfs(
domain
)
Search the sysfs directories.
Module:
devices
Layer:
kernel
dev_search_usbfs(
domain
)
Search the directory containing USB hardware information.
Module:
devices
Layer:
kernel
dev_setattr_all_blk_files(
domain
)
Setattr on all block file device nodes.
Module:
devices
Layer:
kernel
dev_setattr_all_chr_files(
domain
)
Setattr on all character file device nodes.
Module:
devices
Layer:
kernel
dev_setattr_apm_bios(
domain
)
Set the attributes of the apm bios device node.
Module:
devices
Layer:
kernel
dev_setattr_dev_dir(
domain
)
Set the attributes of /dev directories.
Module:
devices
Layer:
kernel
dev_setattr_framebuffer(
domain
)
Set the attributes of the framebuffer device node.
Module:
devices
Layer:
kernel
dev_setattr_misc(
domain
)
Set the attributes of miscellaneous devices.
Module:
devices
Layer:
kernel
dev_setattr_mouse(
domain
)
Set the attributes of the mouse devices.
Module:
devices
Layer:
kernel
dev_setattr_power_management(
domain
)
Set the attributes of the the power management device.
Module:
devices
Layer:
kernel
dev_setattr_printer(
domain
)
Set the attributes of the printer device nodes.
Module:
devices
Layer:
kernel
dev_setattr_scanner(
domain
)
Set the attributes of the scanner device.
Module:
devices
Layer:
kernel
dev_setattr_snd_dev(
domain
)
Set the attributes of the sound devices.
Module:
devices
Layer:
kernel
dev_setattr_video_dev(
domain
)
Set the attributes of video4linux device nodes.
Module:
devices
Layer:
kernel
dev_unconfined(
domain
)
Unconfined access to devices.
Module:
devices
Layer:
kernel
dev_write_misc(
domain
)
Write miscellaneous devices.
Module:
devices
Layer:
kernel
dev_write_rand(
domain
)
Write to the random device (e.g., /dev/random). This adds
entropy used to generate the random data read from the
random device.
Module:
devices
Layer:
kernel
dev_write_raw_memory(
domain
)
Write raw memory devices (e.g. /dev/mem).
Module:
devices
Layer:
kernel
dev_write_realtime_clock(
domain
)
Set the realtime clock (/dev/rtc).
Module:
devices
Layer:
kernel
dev_write_snd_mixer_dev(
domain
)
Write the sound mixer devices.
Module:
devices
Layer:
kernel
dev_write_urand(
domain
)
Write to the pseudo random device (e.g., /dev/urandom). This
sets the random number generator seed.
Module:
devices
Layer:
kernel
dev_wx_raw_memory(
domain
)
Write and execute raw memory devices (e.g. /dev/mem).
Module:
dmesg
Layer:
admin
dmesg_domtrans(
domain
)
Execute dmesg in the dmesg domain.
Module:
dmesg
Layer:
admin
dmesg_exec(
domain
)
Execute dmesg in the caller domain.
Module:
domain
Layer:
system
domain_dontaudit_getattr_all_sockets(
domain
)
Do not audit attempts to get the attributes
of all domains sockets, for all socket types.
Module:
domain
Layer:
system
domain_dontaudit_getattr_all_tcp_sockets(
domain
)
Do not audit attempts to get the attributes
of all domains TCP sockets.
Module:
domain
Layer:
system
domain_dontaudit_getattr_all_udp_sockets(
domain
)
Do not audit attempts to get the attributes
of all domains UDP sockets.
Module:
domain
Layer:
system
domain_dontaudit_getattr_all_unix_dgram_sockets(
domain
)
Do not audit attempts to get the attributes
of all domains unix datagram sockets.
Module:
domain
Layer:
system
domain_dontaudit_getattr_all_unnamed_pipes(
domain
)
Do not audit attempts to get the attributes
of all domains unnamed pipes.
Module:
domain
Layer:
system
domain_dontaudit_getsession_all_domains(
domain
)
Do not audit attempts to get the
session ID of all domains.
Module:
domain
Layer:
system
domain_dontaudit_list_all_domains_proc(
domain
)
Do not audit attempts to read the process state
directories of all domains.
Module:
domain
Layer:
system
domain_dontaudit_read_all_domains_state(
domain
)
Do not audit attempts to read the process
state (/proc/pid) of all domains.
Module:
domain
Layer:
system
domain_dontaudit_rw_all_key_sockets(
domain
)
Do not audit attempts to read or write
all domains key sockets.
Module:
domain
Layer:
system
domain_dontaudit_rw_all_udp_sockets(
domain
)
Do not audit attempts to read or write
all domains UDP sockets.
Module:
domain
Layer:
system
domain_dontaudit_use_wide_inherit_fd(
?
)
Module:
domain
Layer:
system
domain_exec_all_entry_files(
?
)
Module:
domain
Layer:
system
domain_getattr_all_entry_files(
domain
)
Get the attributes of entry point
files for all domains.
Module:
domain
Layer:
system
domain_getattr_all_sockets(
domain
)
Get the attributes of all domains
sockets, for all socket types.
Module:
domain
Layer:
system
domain_getsession_all_domains(
domain
)
Get the session ID of all domains.
Module:
domain
Layer:
system
domain_kill_all_domains(
domain
)
Send a kill signal to all domains.
Module:
domain
Layer:
system
domain_obj_id_change_exempt(
domain
)
Makes caller an exception to the constraint preventing
changing the user identity in object contexts.
Module:
domain
Layer:
system
domain_read_all_domains_state(
domain
)
Read the process state (/proc/pid) of all domains.
Module:
domain
Layer:
system
domain_read_all_entry_files(
?
)
Module:
domain
Layer:
system
domain_role_change_exempt(
domain
)
Makes caller an exception to the constraint preventing
changing of role.
Module:
domain
Layer:
system
domain_setpriority_all_domains(
?
)
Module:
domain
Layer:
system
domain_sigchld_all_domains(
domain
)
Send a child terminated signal to all domains.
Module:
domain
Layer:
system
domain_sigchld_wide_inherit_fd(
domain
)
Send a SIGCHLD signal to domains whose file
discriptors are widely inheritable.
Module:
domain
Layer:
system
domain_signal_all_domains(
domain
)
Send general signals to all domains.
Module:
domain
Layer:
system
domain_signull_all_domains(
domain
)
Send a null signal to all domains.
Module:
domain
Layer:
system
domain_sigstop_all_domains(
domain
)
Send a stop signal to all domains.
Module:
domain
Layer:
system
domain_subj_id_change_exempt(
domain
)
Makes caller an exception to the constraint preventing
changing of user identity.
Module:
domain
Layer:
system
domain_unconfined(
domain
)
Unconfined access to domains.
Module:
domain
Layer:
system
domain_use_wide_inherit_fd(
?
)
Module:
files
Layer:
system
files_create_boot_flag(
?
)
Module:
files
Layer:
system
files_create_etc_config(
?
)
Module:
files
Layer:
system
files_create_home_dirs(
domain
,
home_type
)
Module:
files
Layer:
system
files_create_root(
domain
,
[
private type
]
,
[
object
]
)
Create an object in the root directory, with a private
type. If no object class is specified, the
default is file.
Module:
files
Layer:
system
files_create_tmp_files(
?
)
Module:
files
Layer:
system
files_create_var_lib(
domain
,
file_type
,
[
object_class
]
)
Create objects in the /var/lib directory
Module:
files
Layer:
system
files_delete_all_locks(
?
)
Module:
files
Layer:
system
files_delete_etc_files(
domain
)
Delete system configuration files in /etc.
Module:
files
Layer:
system
files_delete_root_dir_entry(
?
)
Module:
files
Layer:
system
files_dontaudit_getattr_all_dirs(
domain
)
Do not audit attempts to get the attributes
of all directories.
Module:
files
Layer:
system
files_dontaudit_getattr_all_files(
domain
)
Do not audit attempts to get the attributes
of all files.
Module:
files
Layer:
system
files_dontaudit_getattr_all_pipes(
domain
)
Do not audit attempts to get the attributes
of all named pipes.
Module:
files
Layer:
system
files_dontaudit_getattr_all_sockets(
domain
)
Do not audit attempts to get the attributes
of all named sockets.
Module:
files
Layer:
system
files_dontaudit_getattr_all_symlinks(
domain
)
Do not audit attempts to get the attributes
of all symbolic links.
Module:
files
Layer:
system
files_dontaudit_getattr_default_dir(
domain
)
Do not audit attempts to get the attributes of
directories with the default file type.
Module:
files
Layer:
system
files_dontaudit_getattr_default_files(
domain
)
Do not audit attempts to get the attributes of
files with the default file type.
Module:
files
Layer:
system
files_dontaudit_getattr_pid_dir(
domain
)
Do not audit attempts to get the attributes
of the /var/run directory.
Module:
files
Layer:
system
files_dontaudit_ioctl_all_pids(
domain
)
Do not audit attempts to ioctl daemon runtime data files.
Module:
files
Layer:
system
files_dontaudit_read_etc_runtime_files(
domain
)
Do not audit attempts to read files
in /etc that are dynamically
created on boot, such as mtab.
Module:
files
Layer:
system
files_dontaudit_read_root_file(
?
)
Module:
files
Layer:
system
files_dontaudit_rw_root_chr_dev(
?
)
Module:
files
Layer:
system
files_dontaudit_rw_root_file(
?
)
Module:
files
Layer:
system
files_dontaudit_search_all_dirs(
?
)
Module:
files
Layer:
system
files_dontaudit_search_home(
domain
)
Do not audit attempts to search home directories root.
Module:
files
Layer:
system
files_dontaudit_search_isid_type_dir(
domain
)
Do not audit attempts to search directories on new filesystems
that have not yet been labeled.
Module:
files
Layer:
system
files_dontaudit_search_locks(
domain
)
Do not audit attempts to search the
locks directory (/var/lock).
Module:
files
Layer:
system
files_dontaudit_search_pids(
?
)
Module:
files
Layer:
system
files_dontaudit_search_var(
?
)
Module:
files
Layer:
system
files_dontaudit_write_all_pids(
domain
)
Do not audit attempts to write to daemon runtime data files.
Module:
files
Layer:
system
files_exec_usr_files(
domain
)
Execute programs in /usr/src in the caller domain.
Module:
files
Layer:
system
files_getattr_all_dirs(
domain
)
Get the attributes of all directories.
Module:
files
Layer:
system
files_getattr_all_files(
domain
)
Get the attributes of all files.
Module:
files
Layer:
system
files_getattr_all_pipes(
domain
)
Get the attributes of all named pipes.
Module:
files
Layer:
system
files_getattr_all_sockets(
domain
)
Get the attributes of all named sockets.
Module:
files
Layer:
system
files_getattr_all_symlinks(
domain
)
Get the attributes of all symbolic links.
Module:
files
Layer:
system
files_getattr_generic_locks(
?
)
Module:
files
Layer:
system
files_getattr_usr_files(
domain
)
Get the attributes of files in /usr.
Module:
files
Layer:
system
files_getattr_var_lib_dir(
domain
)
Get the attributes of the /var/lib directory.
Module:
files
Layer:
system
files_list_all_dirs(
domain
)
List the contents of all directories.
Module:
files
Layer:
system
files_list_default(
domain
)
List contents of directories with the default file type.
Module:
files
Layer:
system
files_list_home(
domain
)
Get listing of home directories.
Module:
files
Layer:
system
files_list_isid_type_dir(
domain
)
List the contents of directories on new filesystems
that have not yet been labeled.
Module:
files
Layer:
system
files_list_var_lib(
domain
)
List the contents of the /var/lib directory.
Module:
files
Layer:
system
files_list_world_readable(
domain
)
List world-readable directories.
Module:
files
Layer:
system
files_manage_all_files(
domain
,
[
exception_types
]
)
Manage all files on the filesystem, except
the listed exceptions.
Module:
files
Layer:
system
files_manage_etc_files(
?
)
Module:
files
Layer:
system
files_manage_etc_runtime_files(
domain
)
Create, read, write, and delete files in
/etc that are dynamically created on boot,
such as mtab.
Module:
files
Layer:
system
files_manage_generic_locks(
?
)
Module:
files
Layer:
system
files_manage_generic_spool_dirs(
?
)
Module:
files
Layer:
system
files_manage_generic_spools(
?
)
Module:
files
Layer:
system
files_manage_isid_type_blk_node(
domain
)
Create, read, write, and delete block device nodes
on new filesystems that have not yet been labeled.
Module:
files
Layer:
system
files_manage_isid_type_chr_node(
domain
)
Create, read, write, and delete character device nodes
on new filesystems that have not yet been labeled.
Module:
files
Layer:
system
files_manage_isid_type_dir(
domain
)
Create, read, write, and delete directories
on new filesystems that have not yet been labeled.
Module:
files
Layer:
system
files_manage_isid_type_file(
domain
)
Create, read, write, and delete files
on new filesystems that have not yet been labeled.
Module:
files
Layer:
system
files_manage_isid_type_symlink(
domain
)
Create, read, write, and delete symbolic links
on new filesystems that have not yet been labeled.
Module:
files
Layer:
system
files_manage_lost_found(
domain
)
Create, read, write, and delete objects in
lost+found directories.
Module:
files
Layer:
system
files_manage_mnt_dirs(
domain
)
Create, read, write, and delete directories in /mnt.
Module:
files
Layer:
system
files_manage_mnt_files(
domain
)
Create, read, write, and delete files in /mnt.
Module:
files
Layer:
system
files_manage_mnt_symlinks(
domain
)
Create, read, write, and delete symbolic links in /mnt.
Module:
files
Layer:
system
files_manage_urandom_seed(
?
)
Module:
files
Layer:
system
files_manage_var_dirs(
domain
)
Create, read, write, and delete directories
in the /var directory.
Module:
files
Layer:
system
files_manage_var_files(
domain
)
Create, read, write, and delete files in the /var directory.
Module:
files
Layer:
system
files_manage_var_symlinks(
domain
)
Create, read, write, and delete symbolic
links in the /var directory.
Module:
files
Layer:
system
files_mount_all_file_type_fs(
?
)
Module:
files
Layer:
system
files_mounton_all_mountpoints(
?
)
Module:
files
Layer:
system
files_mounton_default(
domain
)
Mount a filesystem on a directory with the default file type.
Module:
files
Layer:
system
files_mounton_isid_type_dir(
domain
)
Mount a filesystem on a directory on new filesystems
that has not yet been labeled.
Module:
files
Layer:
system
files_read_all_files(
domain
)
Module:
files
Layer:
system
files_read_all_symlinks(
domain
)
Module:
files
Layer:
system
files_read_default_files(
domain
)
Read files with the default file type.
Module:
files
Layer:
system
files_read_default_pipes(
domain
)
Read named pipes with the default file type.
Module:
files
Layer:
system
files_read_default_sockets(
domain
)
Read sockets with the default file type.
Module:
files
Layer:
system
files_read_default_symlinks(
domain
)
Read symbolic links with the default file type.
Module:
files
Layer:
system
files_read_etc_runtime_files(
domain
)
Read files in /etc that are dynamically
created on boot, such as mtab.
Module:
files
Layer:
system
files_read_generic_spools(
?
)
Module:
files
Layer:
system
files_read_isid_type_file(
domain
)
Read files on new filesystems
that have not yet been labeled.
Module:
files
Layer:
system
files_read_usr_src_files(
?
)
Module:
files
Layer:
system
files_read_usr_symlinks(
domain
)
Read symbolic links in /usr.
Module:
files
Layer:
system
files_read_var_files(
domain
)
Read files in the /var directory.
Module:
files
Layer:
system
files_read_var_lib_files(
domain
)
Read generic files in /var/lib
Module:
files
Layer:
system
files_read_var_symlink(
domain
)
Read symbolic links in the /var directory.
Module:
files
Layer:
system
files_read_world_readable_files(
domain
)
Read world-readable files.
Module:
files
Layer:
system
files_read_world_readable_pipes(
domain
)
Read world-readable named pipes.
Module:
files
Layer:
system
files_read_world_readable_sockets(
domain
)
Read world-readable sockets.
Module:
files
Layer:
system
files_read_world_readable_symlinks(
domain
)
Read world-readable symbolic links.
Module:
files
Layer:
system
files_relabel_all_files(
domain
,
[
exception_types
]
)
Relabel all files on the filesystem, except
the listed exceptions.
Module:
files
Layer:
system
files_relabelto_all_file_type_fs(
?
)
Module:
files
Layer:
system
files_relabelto_usr_files(
domain
)
Relabel a file to the type used in /usr.
Module:
files
Layer:
system
files_rw_isid_type_blk_node(
domain
)
Read and write block device nodes on new filesystems
that have not yet been labeled.
Module:
files
Layer:
system
files_rw_isid_type_dir(
domain
)
Read and write directories on new filesystems
that have not yet been labeled.
Module:
files
Layer:
system
files_search_home(
domain
)
Search home directories root.
Module:
files
Layer:
system
files_search_tmp(
domain
)
Search the tmp directory (/tmp).
Module:
files
Layer:
system
files_search_var_lib(
domain
)
Search the /var/lib directory.
Module:
files
Layer:
system
files_setattr_all_tmp_dirs(
domain
)
Set the attributes of all tmp directories.
Module:
files
Layer:
system
files_setattr_etc_dir(
domain
)
Set the attributes of the /etc directories.
Module:
files
Layer:
system
files_tmpfs_file(
type
)
Transform the type into a file, for use on a
virtual memory filesystem (tmpfs).
Module:
files
Layer:
system
files_unconfined(
domain
)
Unconfined access to files.
Module:
files
Layer:
system
files_unmount_all_file_type_fs(
?
)
Module:
firstboot
Layer:
admin
firstboot_domtrans(
domain
)
Execute firstboot in the firstboot domain.
Module:
firstboot
Layer:
admin
firstboot_run(
domain
,
role
,
terminal
)
Execute firstboot in the firstboot domain, and
allow the specified role the firstboot domain.
Module:
firstboot
Layer:
admin
firstboot_use_fd(
domain
)
Inherit and use a file descriptor from firstboot.
Module:
firstboot
Layer:
admin
firstboot_write_pipe(
domain
)
Write to a firstboot unnamed pipe.
Module:
filesystem
Layer:
kernel
fs_associate(
file_type
)
Associate the specified file type to persistent
filesystems with extended attributes. This
allows a file of this type to be created on
a filesystem such as ext3, JFS, and XFS.
Module:
filesystem
Layer:
kernel
fs_associate_noxattr(
file_type
)
Associate the specified file type to
filesystems which lack extended attributes
support. This allows a file of this type
to be created on a filesystem such as
FAT32, and NFS.
Module:
filesystem
Layer:
kernel
fs_associate_tmpfs(
type
)
Allow the type to associate to tmpfs filesystems.
Module:
filesystem
Layer:
kernel
fs_cifs_domtrans(
domain
,
target_domain
)
Execute a file on a CIFS or SMB filesystem
in the specified domain.
Module:
filesystem
Layer:
kernel
fs_dontaudit_getattr_all_fs(
domain
)
Do not audit attempts to get the attributes
all filesystems.
Module:
filesystem
Layer:
kernel
fs_dontaudit_getattr_xattr_fs(
domain
)
Do not audit attempts to
get the attributes of a persistent
filesystem which has extended
attributes, such as ext3, JFS, or XFS.
Module:
filesystem
Layer:
kernel
fs_dontaudit_list_tmpfs(
domain
)
Do not audit attempts to list the
contents of generic tmpfs directories.
Module:
filesystem
Layer:
kernel
fs_dontaudit_rw_cifs_files(
domain
)
Do not audit attempts to read or
write files on a CIFS or SMB filesystem.
Module:
filesystem
Layer:
kernel
fs_dontaudit_rw_nfs_files(
domain
)
Do not audit attempts to read or
write files on a NFS filesystem.
Module:
filesystem
Layer:
kernel
fs_exec_noxattr(
domain
)
Execute files on a filesystem that does
not support extended attributes.
Module:
filesystem
Layer:
kernel
fs_execute_cifs_files(
domain
)
Execute files on a CIFS or SMB
network filesystem, in the caller
domain.
Module:
filesystem
Layer:
kernel
fs_execute_nfs_files(
domain
)
Execute files on a NFS filesystem.
Module:
filesystem
Layer:
kernel
fs_get_all_fs_quotas(
domain
)
Get the quotas of all filesystems.
Module:
filesystem
Layer:
kernel
fs_get_xattr_fs_quota(
domain
)
Get the filesystem quotas of a filesystem
with extended attributes.
Module:
filesystem
Layer:
kernel
fs_getattr_all_fs(
domain
)
Get the attributes of all persistent
filesystems.
Module:
filesystem
Layer:
kernel
fs_getattr_autofs(
domain
)
Get the attributes of an automount
pseudo filesystem.
Module:
filesystem
Layer:
kernel
fs_getattr_cifs(
domain
)
Get the attributes of a CIFS or
SMB network filesystem.
Module:
filesystem
Layer:
kernel
fs_getattr_dos_fs(
domain
)
Get the attributes of a DOS
filesystem, such as FAT32 or NTFS.
Module:
filesystem
Layer:
kernel
fs_getattr_iso9660_fs(
domain
)
Get the attributes of an iso9660
filesystem, which is usually used on CDs.
Module:
filesystem
Layer:
kernel
fs_getattr_nfs(
domain
)
Get the attributes of a NFS filesystem.
Module:
filesystem
Layer:
kernel
fs_getattr_nfsd_fs(
domain
)
Get the attributes of a NFS server
pseudo filesystem.
Module:
filesystem
Layer:
kernel
fs_getattr_ramfs(
domain
)
Get the attributes of a RAM filesystem.
Module:
filesystem
Layer:
kernel
fs_getattr_romfs(
domain
)
Get the attributes of a ROM
filesystem.
Module:
filesystem
Layer:
kernel
fs_getattr_rpc_pipefs(
domain
)
Get the attributes of a RPC pipe
filesystem.
Module:
filesystem
Layer:
kernel
fs_getattr_tmpfs(
domain
)
Get the attributes of a tmpfs
filesystem.
Module:
filesystem
Layer:
kernel
fs_getattr_tmpfs_dir(
domain
)
Get the attributes of tmpfs directories.
Module:
filesystem
Layer:
kernel
fs_getattr_xattr_fs(
domain
)
Get the attributes of a persistent
filesystem which has extended
attributes, such as ext3, JFS, or XFS.
Module:
filesystem
Layer:
kernel
fs_list_all(
domain
)
List all directories with a filesystem type.
Module:
filesystem
Layer:
kernel
fs_list_tmpfs(
domain
)
List the contents of generic tmpfs directories.
Module:
filesystem
Layer:
kernel
fs_make_noxattr_fs(
domain
)
Transform specified type into a filesystem
type which does not have extended attribute
support.
Module:
filesystem
Layer:
kernel
fs_manage_cifs_dirs(
domain
)
Create, read, write, and delete directories
on a CIFS or SMB network filesystem.
Module:
filesystem
Layer:
kernel
fs_manage_cifs_files(
domain
)
Create, read, write, and delete files
on a CIFS or SMB network filesystem.
Module:
filesystem
Layer:
kernel
fs_manage_cifs_named_pipes(
domain
)
Create, read, write, and delete named pipes
on a CIFS or SMB network filesystem.
Module:
filesystem
Layer:
kernel
fs_manage_cifs_named_sockets(
domain
)
Create, read, write, and delete named sockets
on a CIFS or SMB network filesystem.
Module:
filesystem
Layer:
kernel
fs_manage_cifs_symlinks(
domain
)
Create, read, write, and delete symbolic links
on a CIFS or SMB network filesystem.
Module:
filesystem
Layer:
kernel
fs_manage_nfs_dirs(
domain
)
Create, read, write, and delete directories
on a NFS filesystem.
Module:
filesystem
Layer:
kernel
fs_manage_nfs_files(
domain
)
Create, read, write, and delete files
on a NFS filesystem.
Module:
filesystem
Layer:
kernel
fs_manage_nfs_named_pipes(
domain
)
Create, read, write, and delete named pipes
on a NFS filesystem.
Module:
filesystem
Layer:
kernel
fs_manage_nfs_named_sockets(
domain
)
Create, read, write, and delete named sockets
on a NFS filesystem.
Module:
filesystem
Layer:
kernel
fs_manage_nfs_symlinks(
domain
)
Create, read, write, and delete symbolic links
on a CIFS or SMB network filesystem.
Module:
filesystem
Layer:
kernel
fs_manage_tmpfs_blk_dev(
domain
)
Read and write, create and delete block nodes
on tmpfs filesystems.
Module:
filesystem
Layer:
kernel
fs_manage_tmpfs_chr_dev(
domain
)
Read and write, create and delete character
nodes on tmpfs filesystems.
Module:
filesystem
Layer:
kernel
fs_manage_tmpfs_sockets(
domain
)
Read and write, create and delete socket
files on tmpfs filesystems.
Module:
filesystem
Layer:
kernel
fs_manage_tmpfs_symlinks(
domain
)
Read and write, create and delete symbolic
links on tmpfs filesystems.
Module:
filesystem
Layer:
kernel
fs_mount_autofs(
domain
)
Mount an automount pseudo filesystem.
Module:
filesystem
Layer:
kernel
fs_mount_cifs(
domain
)
Mount a CIFS or SMB network filesystem.
Module:
filesystem
Layer:
kernel
fs_mount_dos_fs(
domain
)
Mount a DOS filesystem, such as
FAT32 or NTFS.
Module:
filesystem
Layer:
kernel
fs_mount_iso9660_fs(
domain
)
Mount an iso9660 filesystem, which
is usually used on CDs.
Module:
filesystem
Layer:
kernel
fs_mount_nfsd_fs(
domain
)
Mount a NFS server pseudo filesystem.
Module:
filesystem
Layer:
kernel
fs_mount_rpc_pipefs(
domain
)
Mount a RPC pipe filesystem.
Module:
filesystem
Layer:
kernel
fs_mount_tmpfs(
domain
)
Mount a tmpfs filesystem.
Module:
filesystem
Layer:
kernel
fs_mount_xattr_fs(
domain
)
Mount a persistent filesystem which
has extended attributes, such as
ext3, JFS, or XFS.
Module:
filesystem
Layer:
kernel
fs_nfs_domtrans(
domain
,
target_domain
)
Execute a file on a NFS filesystem
in the specified domain.
Module:
filesystem
Layer:
kernel
fs_read_cifs_files(
domain
)
Read files on a CIFS or SMB filesystem.
Module:
filesystem
Layer:
kernel
fs_read_cifs_files(
domain
)
Do not audit attempts to read or
write files on a CIFS or SMB filesystems.
Module:
filesystem
Layer:
kernel
fs_read_cifs_symlinks(
domain
)
Read symbolic links on a CIFS or SMB filesystem.
Module:
filesystem
Layer:
kernel
fs_read_nfs_files(
domain
)
Read files on a NFS filesystem.
Module:
filesystem
Layer:
kernel
fs_read_nfs_symlinks(
domain
)
Read symbolic links on a NFS filesystem.
Module:
filesystem
Layer:
kernel
fs_register_binary_executable_type(
domain
)
Register an interpreter for new binary
file types, using the kernel binfmt_misc
support. A common use for this is to
register a JVM as an interpreter for
Java byte code. Registered binaries
can be directly executed on a command line
without specifying the interpreter.
Module:
filesystem
Layer:
kernel
fs_relabel_tmpfs_blk_dev(
domain
)
Relabel block nodes on tmpfs filesystems.
Module:
filesystem
Layer:
kernel
fs_relabel_tmpfs_chr_dev(
domain
)
Relabel character nodes on tmpfs filesystems.
Module:
filesystem
Layer:
kernel
fs_relabelfrom_dos_fs(
domain
)
Allow changing of the label of a
DOS filesystem using the context= mount option.
Module:
filesystem
Layer:
kernel
fs_relabelfrom_xattr_fs(
domain
)
Allow changing of the label of a
filesystem with extended attributes
using the context= mount option.
Module:
filesystem
Layer:
kernel
fs_remount_all_fs(
domain
)
Remount all filesystems. This
allows some mount options to be changed.
Module:
filesystem
Layer:
kernel
fs_remount_autofs(
domain
)
Remount an automount pseudo filesystem
This allows some mount options to be changed.
Module:
filesystem
Layer:
kernel
fs_remount_cifs(
domain
)
Remount a CIFS or SMB network filesystem.
This allows some mount options to be changed.
Module:
filesystem
Layer:
kernel
fs_remount_dos_fs(
domain
)
Remount a DOS filesystem, such as
FAT32 or NTFS. This allows
some mount options to be changed.
Module:
filesystem
Layer:
kernel
fs_remount_iso9660_fs(
domain
)
Remount an iso9660 filesystem, which
is usually used on CDs. This allows
some mount options to be changed.
Module:
filesystem
Layer:
kernel
fs_remount_nfs(
domain
)
Remount a NFS filesystem. This allows
some mount options to be changed.
Module:
filesystem
Layer:
kernel
fs_remount_nfsd_fs(
domain
)
Mount a NFS server pseudo filesystem.
This allows some mount options to be changed.
Module:
filesystem
Layer:
kernel
fs_remount_ramfs(
domain
)
Remount a RAM filesystem. This allows
some mount options to be changed.
Module:
filesystem
Layer:
kernel
fs_remount_romfs(
domain
)
Remount a ROM filesystem. This allows
some mount options to be changed.
Module:
filesystem
Layer:
kernel
fs_remount_rpc_pipefs(
domain
)
Remount a RPC pipe filesystem. This
allows some mount option to be changed.
Module:
filesystem
Layer:
kernel
fs_remount_tmpfs(
domain
)
Remount a tmpfs filesystem.
Module:
filesystem
Layer:
kernel
fs_remount_xattr_fs(
domain
)
Remount a persistent filesystem which
has extended attributes, such as
ext3, JFS, or XFS. This allows
some mount options to be changed.
Module:
filesystem
Layer:
kernel
fs_search_auto_mountpoints(
domain
)
Search automount filesystem to use automatically
mounted filesystems.
Module:
filesystem
Layer:
kernel
fs_search_cifs(
domain
)
Search directories on a CIFS or SMB filesystem.
Module:
filesystem
Layer:
kernel
fs_search_nfs(
domain
)
Search directories on a NFS filesystem.
Module:
filesystem
Layer:
kernel
fs_search_tmpfs(
domain
)
Search tmpfs directories.
Module:
filesystem
Layer:
kernel
fs_set_all_quotas(
domain
)
Set the quotas of all filesystems.
Module:
filesystem
Layer:
kernel
fs_set_xattr_fs_quota(
domain
)
Set the filesystem quotas of a filesystem
with extended attributes.
Module:
filesystem
Layer:
kernel
fs_setattr_tmpfs_dir(
domain
)
Set the attributes of tmpfs directories.
Module:
filesystem
Layer:
kernel
fs_type(
domain
)
Transform specified type into a filesystem type.
Module:
filesystem
Layer:
kernel
fs_unconfined(
domain
)
Unconfined access to filesystems
Module:
filesystem
Layer:
kernel
fs_unmount_autofs(
domain
)
Unmount an automount pseudo filesystem.
Module:
filesystem
Layer:
kernel
fs_unmount_cifs(
domain
)
Unmount a CIFS or SMB network filesystem.
Module:
filesystem
Layer:
kernel
fs_unmount_dos_fs(
domain
)
Unmount a DOS filesystem, such as
FAT32 or NTFS.
Module:
filesystem
Layer:
kernel
fs_unmount_iso9660_fs(
domain
)
Unmount an iso9660 filesystem, which
is usually used on CDs.
Module:
filesystem
Layer:
kernel
fs_unmount_nfs(
domain
)
Unmount a NFS filesystem.
Module:
filesystem
Layer:
kernel
fs_unmount_nfsd_fs(
domain
)
Unmount a NFS server pseudo filesystem.
Module:
filesystem
Layer:
kernel
fs_unmount_ramfs(
domain
)
Unmount a RAM filesystem.
Module:
filesystem
Layer:
kernel
fs_unmount_romfs(
domain
)
Unmount a ROM filesystem.
Module:
filesystem
Layer:
kernel
fs_unmount_rpc_pipefs(
domain
)
Unmount a RPC pipe filesystem.
Module:
filesystem
Layer:
kernel
fs_unmount_tmpfs(
domain
)
Unmount a tmpfs filesystem.
Module:
filesystem
Layer:
kernel
fs_unmount_xattr_fs(
domain
)
Unmount a persistent filesystem which
has extended attributes, such as
ext3, JFS, or XFS.
Module:
filesystem
Layer:
kernel
fs_use_tmpfs_blk_dev(
domain
)
Read and write block nodes on tmpfs filesystems.
Module:
filesystem
Layer:
kernel
fs_use_tmpfs_chr_dev(
domain
)
Read and write character nodes on tmpfs filesystems.
Module:
fstools
Layer:
system
fstools_domtrans(
domain
)
Execute fs tools in the fstools domain.
Module:
fstools
Layer:
system
fstools_exec(
domain
)
Execute fsadm in the caller domain.
Module:
fstools
Layer:
system
fstools_manage_entry_files(
domain
)
Create, read, write, and delete a file used by the
filesystem tools programs.
Module:
fstools
Layer:
system
fstools_relabelto_entry_files(
domain
)
Relabel a file to the type used by the
filesystem tools programs.
Module:
fstools
Layer:
system
fstools_run(
domain
,
role
,
terminal
)
Execute fs tools in the fstools domain, and
allow the specified role the fs tools domain.
Module:
getty
Layer:
system
getty_domtrans(
domain
)
Execute gettys in the getty domain.
Module:
getty
Layer:
system
getty_modify_config(
domain
)
Allow process to edit getty config file.
Module:
getty
Layer:
system
getty_read_config(
domain
)
Allow process to read getty config file.
Module:
getty
Layer:
system
getty_read_log(
domain
)
Allow process to read getty log file.
Module:
gpm
Layer:
services
gpm_dontaudit_getattr_gpmctl(
domain
)
Do not audit attempts to get the
attributes of the GPM control channel
named socket.
Module:
gpm
Layer:
services
gpm_getattr_gpmctl(
domain
)
Get the attributes of the GPM
control channel named socket.
Module:
gpm
Layer:
services
gpm_setattr_gpmctl(
domain
)
Set the attributes of the GPM
control channel named socket.
Module:
hostname
Layer:
system
hostname_domtrans(
domain
)
Execute hostname in the hostname domain.
Module:
hostname
Layer:
system
hostname_exec(
domain
)
Execute hostname in the caller domain.
Module:
hostname
Layer:
system
hostname_run(
domain
,
role
,
terminal
)
Execute hostname in the hostname domain, and
allow the specified role the hostname domain.
Module:
hotplug
Layer:
system
hotplug_dontaudit_search_config(
?
)
Module:
hotplug
Layer:
system
hotplug_getattr_config_dir(
domain
)
Get the attributes of the hotplug configuration directory.
Module:
hotplug
Layer:
system
hotplug_read_config(
domain
)
Read the configuration files for hotplug.
Module:
hotplug
Layer:
system
hotplug_search_config(
domain
)
Search the hotplug configuration directory.
Module:
inetd
Layer:
services
inetd_core_service_domain(
domain
,
entrypoint
)
Define the specified domain as a inetd service.
Module:
inetd
Layer:
services
inetd_domtrans_child(
domain
)
Run inetd child process in the inet child domain
Module:
inetd
Layer:
services
inetd_service_domain(
domain
,
entrypoint
)
Define the specified domain as a TCP and UDP inetd service.
Module:
inetd
Layer:
services
inetd_tcp_connect(
domain
)
Connect to the inetd service using a TCP connection.
Module:
inetd
Layer:
services
inetd_tcp_service_domain(
domain
,
entrypoint
)
Define the specified domain as a TCP inetd service.
Module:
inetd
Layer:
services
inetd_udp_service_domain(
domain
,
entrypoint
)
Define the specified domain as a UDP inetd service.
Module:
inetd
Layer:
services
inetd_use_fd(
domain
)
Inherit and use file descriptors from inetd.
Module:
init
Layer:
system
init_daemon_domain(
domain
,
entry_point
)
Create a domain for long running processes
(daemons) which can be started by init scripts.
Module:
init
Layer:
system
init_domain(
domain
,
entry_point
)
Create a domain which can be started by init.
Module:
init
Layer:
system
init_domtrans_script(
?
)
Module:
init
Layer:
system
init_dontaudit_getattr_initctl(
?
)
Module:
init
Layer:
system
init_dontaudit_rw_script_pid(
?
)
Module:
init
Layer:
system
init_dontaudit_use_fd(
?
)
Module:
init
Layer:
system
init_dontaudit_use_initctl(
?
)
Module:
init
Layer:
system
init_dontaudit_use_script_fd(
?
)
Module:
init
Layer:
system
init_dontaudit_use_script_pty(
?
)
Module:
init
Layer:
system
init_dontaudit_write_script_pid(
?
)
Module:
init
Layer:
system
init_get_process_group(
?
)
Module:
init
Layer:
system
init_get_script_process_group(
?
)
Module:
init
Layer:
system
init_getattr_initctl(
?
)
Module:
init
Layer:
system
init_list_script_pids(
domain
)
List the contents of an init script
process id directory.
Module:
init
Layer:
system
init_read_script(
domain
)
Module:
init
Layer:
system
init_read_script_file(
domain
)
Module:
init
Layer:
system
init_read_script_pid(
?
)
Module:
init
Layer:
system
init_read_script_process_state(
domain
)
Read the process state (/proc/pid) of the init scripts.
Module:
init
Layer:
system
init_run_daemon(
domain
,
role
,
terminal
)
Start and stop daemon programs directly.
Module:
init
Layer:
system
init_rw_script_pid(
?
)
Module:
init
Layer:
system
init_rw_script_pipe(
domain
)
Read and write init script unnamed pipes.
Module:
init
Layer:
system
init_rw_script_tmp_files(
domain
)
Read and write init script temporary data.
Module:
init
Layer:
system
init_system_domain(
domain
,
entry_point
)
Create a domain for short running processes
which can be started by init scripts.
Module:
init
Layer:
system
init_udp_sendto_script(
domain
)
Send UDP network traffic to init scripts.
Module:
init
Layer:
system
init_use_script_fd(
?
)
Module:
init
Layer:
system
init_use_script_pty(
domain
)
Read and write the init script pty.
Module:
init
Layer:
system
init_write_initctl(
?
)
Module:
ipsec
Layer:
system
ipsec_domtrans(
domain
)
Execute ipsec in the ipsec domain.
Module:
ipsec
Layer:
system
ipsec_exec_mgmt(
domain
)
Execute the IPSEC management program in the caller domain.
Module:
ipsec
Layer:
system
ipsec_getattr_key_socket(
domain
)
Get the attributes of an IPSEC key socket.
Module:
ipsec
Layer:
system
ipsec_manage_pid(
domain
)
Create, read, write, and delete the IPSEC pid files.
Module:
ipsec
Layer:
system
ipsec_read_config(
domain
)
Read the IPSEC configuration
Module:
ipsec
Layer:
system
ipsec_stream_connect(
domain
)
Connect to IPSEC using a unix domain stream socket.
Module:
iptables
Layer:
system
iptables_domtrans(
domain
)
Execute iptables in the iptables domain.
Module:
iptables
Layer:
system
iptables_exec(
domain
)
Execute iptables in the caller domain.
Module:
iptables
Layer:
system
iptables_run(
domain
,
role
,
terminal
)
Execute iptables in the iptables domain, and
allow the specified role the iptables domain.
Module:
kerberos
Layer:
services
kerberos_read_config(
domain
)
Read the kerberos configuration file (/etc/krb5.conf).
Module:
kerberos
Layer:
services
kerberos_rw_config(
domain
)
Read and write the kerberos configuration file (/etc/krb5.conf).
Module:
kernel
Layer:
kernel
kernel_change_ring_buffer_level(
domain
)
Change the level of kernel messages logged to the console.
Module:
kernel
Layer:
kernel
kernel_clear_ring_buffer(
domain
)
Allows the caller to clear the ring buffer.
Module:
kernel
Layer:
kernel
kernel_dontaudit_getattr_core(
domain
)
Do not audit attempts to get the attributes of
core kernel interfaces.
Module:
kernel
Layer:
kernel
kernel_dontaudit_getattr_message_if(
domain
)
Do not audit attempts by caller to get the attributes of kernel
message interfaces.
Module:
kernel
Layer:
kernel
kernel_dontaudit_getattr_unlabeled_blk_dev(
domain
)
Do not audit attempts by caller to get attributes for
unlabeled block devices.
Module:
kernel
Layer:
kernel
kernel_dontaudit_read_ring_buffer(
domain
)
Do not audit attempts to read the ring buffer.
Module:
kernel
Layer:
kernel
kernel_dontaudit_read_system_state(
domain
)
Do not audit attempts by caller to
read system state information in proc.
Module:
kernel
Layer:
kernel
kernel_dontaudit_search_network_sysctl_dir(
domain
)
Do not audit attempts by caller to search sysctl network directories.
Module:
kernel
Layer:
kernel
kernel_dontaudit_search_sysctl_dir(
domain
)
Do not audit attempts by caller to search the sysctl directory.
Module:
kernel
Layer:
kernel
kernel_dontaudit_use_fd(
domain
)
Do not audit attempts to use
kernel file descriptors.
Module:
kernel
Layer:
kernel
kernel_dontaudit_write_kernel_sysctl(
domain
)
Do not audit attempts to write generic kernel sysctls.
Module:
kernel
Layer:
kernel
kernel_get_sysvipc_info(
domain
)
Get information on all System V IPC objects.
Module:
kernel
Layer:
kernel
kernel_getattr_core(
domain
)
Allows caller to get attribues of core kernel interface.
Module:
kernel
Layer:
kernel
kernel_getattr_message_if(
domain
)
Allow caller to get the attributes of kernel message
interface (/proc/kmsg).
Module:
kernel
Layer:
kernel
kernel_getattr_proc(
domain
)
Get the attributes of the proc filesystem.
Module:
kernel
Layer:
kernel
kernel_kill_unlabeled(
domain
)
Send a kill signal to unlabeled processes.
Module:
kernel
Layer:
kernel
kernel_list_proc(
domain
)
List the contents of directories in /proc.
Module:
kernel
Layer:
kernel
kernel_list_unlabeled(
domain
)
List unlabeled directories.
Module:
kernel
Layer:
kernel
kernel_load_module(
domain
)
Allows caller to load kernel modules
Module:
kernel
Layer:
kernel
kernel_read_all_sysctl(
domain
)
Allow caller to read all sysctls.
Module:
kernel
Layer:
kernel
kernel_read_device_sysctl(
domain
)
Allow caller to read the device sysctls.
Module:
kernel
Layer:
kernel
kernel_read_fs_sysctl(
domain
)
Module:
kernel
Layer:
kernel
kernel_read_hotplug_sysctl(
domain
)
Module:
kernel
Layer:
kernel
kernel_read_irq_sysctl(
domain
)
Module:
kernel
Layer:
kernel
kernel_read_kernel_sysctl(
domain
)
Read generic kernel sysctls.
Module:
kernel
Layer:
kernel
kernel_read_messages(
domain
)
Allow caller to read kernel messages
using the /proc/kmsg interface.
Module:
kernel
Layer:
kernel
kernel_read_modprobe_sysctl(
domain
)
Read the modprobe sysctl.
Module:
kernel
Layer:
kernel
kernel_read_net_sysctl(
domain
)
Allow caller to read network sysctls.
Module:
kernel
Layer:
kernel
kernel_read_network_state(
domain
)
Allow caller to read the network state information.
Module:
kernel
Layer:
kernel
kernel_read_proc_symlinks(
domain
)
Read symbolic links in /proc.
Module:
kernel
Layer:
kernel
kernel_read_ring_buffer(
domain
)
Allows caller to read the ring buffer.
Module:
kernel
Layer:
kernel
kernel_read_software_raid_state(
domain
)
Allow caller to read the state information for software raid.
Module:
kernel
Layer:
kernel
kernel_read_system_state(
domain
)
Allows caller to read system state information in proc.
Module:
kernel
Layer:
kernel
kernel_read_unix_sysctl(
domain
)
Allow caller to read unix domain
socket sysctls.
Module:
kernel
Layer:
kernel
kernel_read_vm_sysctl(
domain
)
Allow caller to read virtual memory sysctls.
Module:
kernel
Layer:
kernel
kernel_relabel_unlabeled(
domain
)
Allow caller to relabel unlabeled objects.
Module:
kernel
Layer:
kernel
kernel_rootfs_mountpoint(
directory_type
)
Allows the kernel to mount filesystems on
the specified directory type.
Module:
kernel
Layer:
kernel
kernel_rw_all_sysctl(
domain
)
Read and write all sysctls.
Module:
kernel
Layer:
kernel
kernel_rw_device_sysctl(
domain
)
Read and write device sysctls.
Module:
kernel
Layer:
kernel
kernel_rw_fs_sysctl(
domain
)
Read and write fileystem sysctls.
Module:
kernel
Layer:
kernel
kernel_rw_hotplug_sysctl(
domain
)
Read and write the hotplug sysctl.
Module:
kernel
Layer:
kernel
kernel_rw_irq_sysctl(
domain
)
Read and write IRQ sysctls.
Module:
kernel
Layer:
kernel
kernel_rw_kernel_sysctl(
domain
)
Read and write generic kernel sysctls.
Module:
kernel
Layer:
kernel
kernel_rw_modprobe_sysctl(
domain
)
Read and write the modprobe sysctl.
Module:
kernel
Layer:
kernel
kernel_rw_net_sysctl(
domain
)
Allow caller to modiry contents of sysctl network files.
Module:
kernel
Layer:
kernel
kernel_rw_pipe(
domain
)
Read and write kernel unnamed pipes.
Module:
kernel
Layer:
kernel
kernel_rw_software_raid_state(
domain
)
Allow caller to read and set the state information for software raid.
Module:
kernel
Layer:
kernel
kernel_rw_unix_dgram_socket(
domain
)
Read and write kernel unix datagram sockets.
Module:
kernel
Layer:
kernel
kernel_rw_unix_sysctl(
domain
)
Read and write unix domain
socket sysctls.
Module:
kernel
Layer:
kernel
kernel_rw_unlabeled_dir(
domain
)
Read and write unlabeled directories.
Module:
kernel
Layer:
kernel
kernel_rw_vm_sysctl(
domain
)
Read and write virtual memory sysctls.
Module:
kernel
Layer:
kernel
kernel_search_proc(
domain
)
Search directories in /proc.
Module:
kernel
Layer:
kernel
kernel_sendto_unix_dgram_socket(
domain
)
Send messages to kernel unix datagram sockets.
Module:
kernel
Layer:
kernel
kernel_share_state(
domain
)
Allows the kernel to share state information with
the caller.
Module:
kernel
Layer:
kernel
kernel_sigchld(
domain
)
Send a SIGCHLD signal to kernel threads.
Module:
kernel
Layer:
kernel
kernel_sigchld_unlabeled(
domain
)
Send a child terminated signal to unlabeled processes.
Module:
kernel
Layer:
kernel
kernel_signal_unlabeled(
domain
)
Send general signals to unlabeled processes.
Module:
kernel
Layer:
kernel
kernel_signull_unlabeled(
domain
)
Send a null signal to unlabeled processes.
Module:
kernel
Layer:
kernel
kernel_sigstop_unlabeled(
domain
)
Send a stop signal to unlabeled processes.
Module:
kernel
Layer:
kernel
kernel_tcp_recvfrom(
domain
)
Receive messages from kernel TCP sockets.
Module:
kernel
Layer:
kernel
kernel_udp_recvfrom(
domain
)
Receive messages from kernel UDP sockets.
Module:
kernel
Layer:
kernel
kernel_unconfined(
domain
)
Unconfined access to the kernel.
Module:
kernel
Layer:
kernel
kernel_use_fd(
domain
)
Permits caller to use kernel file descriptors.
Module:
kernel
Layer:
kernel
kernel_use_unlabeled_blk_dev(
domain
)
Read and write unlabeled block device nodes.
Module:
kernel
Layer:
kernel
kernel_userland_entry(
domain
,
entrypoint
)
Allows to start userland processes
by transitioning to the specified domain.
Module:
ldap
Layer:
services
ldap_list_db_dir(
domain
)
Read the contents of the OpenLDAP
database directories.
Module:
ldap
Layer:
services
ldap_read_config(
domain
)
Read the OpenLDAP configuration files.
Module:
libraries
Layer:
system
libs_domtrans_ldconfig(
domain
)
Execute ldconfig in the ldconfig domain.
Module:
libraries
Layer:
system
libs_exec_ld_so(
domain
)
Execute the dynamic link/loader in the caller's domain.
Module:
libraries
Layer:
system
libs_exec_lib_files(
domain
)
Execute library scripts in the caller domain.
Module:
libraries
Layer:
system
libs_legacy_use_ld_so(
domain
)
Use the dynamic link/loader for automatic loading
of shared libraries with legacy support.
Module:
libraries
Layer:
system
libs_legacy_use_shared_libs(
domain
)
Load and execute functions from shared libraries,
with legacy support.
Module:
libraries
Layer:
system
libs_read_lib(
domain
)
Read files in the library directories, such
as static libraries.
Module:
libraries
Layer:
system
libs_relabelto_lib_files(
domain
)
Relabel files to the type used in library directories.
Module:
libraries
Layer:
system
libs_run_ldconfig(
domain
,
role
,
terminal
)
Execute ldconfig in the ldconfig domain.
Module:
libraries
Layer:
system
libs_rw_ld_so_cache(
domain
)
Modify the dynamic link/loader's cached listing
of shared libraries.
Module:
libraries
Layer:
system
libs_use_ld_so(
domain
)
Use the dynamic link/loader for automatic loading
of shared libraries.
Module:
libraries
Layer:
system
libs_use_shared_libs(
domain
)
Load and execute functions from shared libraries.
Module:
loadkeys
Layer:
apps
loadkeys_domtrans(
domain
)
Execute the loadkeys program in the loadkeys domain.
Module:
loadkeys
Layer:
apps
loadkeys_exec(
domain
)
Execute the loadkeys program in the caller domain.
Module:
loadkeys
Layer:
apps
loadkeys_run(
domain
,
role
,
terminal
)
Execute the loadkeys program in the loadkeys domain.
Module:
locallogin
Layer:
system
locallogin_domtrans(
domain
)
Execute local logins in the local login domain.
Module:
locallogin
Layer:
system
locallogin_signull(
domain
)
Send a null signal to local login processes.
Module:
locallogin
Layer:
system
locallogin_use_fd(
domain
)
Allow processes to inherit local login file descriptors
Module:
logging
Layer:
system
logging_domtrans_syslog(
domain
)
Execute syslogd in the syslog domain.
Module:
logging
Layer:
system
logging_dontaudit_getattr_all_logs(
?
)
Module:
logging
Layer:
system
logging_exec_all_logs(
domain
)
Execute all log files in the caller domain.
Module:
logging
Layer:
system
logging_rw_log_dir(
domain
)
Read and write the generic log directory (/var/log).
Module:
logging
Layer:
system
logging_search_logs(
domain
)
Allows the domain to open a file in the
log directory, but does not allow the listing
of the contents of the log directory.
Module:
logrotate
Layer:
admin
logrotate_domtrans(
domain
)
Execute logrotate in the logrotate domain.
Module:
logrotate
Layer:
admin
logrotate_dontaudit_use_fd(
domain
)
Do not audit attempts to inherit logrotate file descriptors.
Module:
logrotate
Layer:
admin
logrotate_exec(
domain
)
Execute logrotate in the caller domain.
Module:
logrotate
Layer:
admin
logrotate_run(
domain
,
role
,
terminal
)
Execute logrotate in the logrotate domain, and
allow the specified role the logrotate domain.
Module:
lvm
Layer:
system
lvm_domtrans(
domain
)
Execute lvm programs in the lvm domain.
Module:
lvm
Layer:
system
lvm_read_config(
domain
)
Read LVM configuration files.
Module:
lvm
Layer:
system
lvm_run(
domain
,
role
,
terminal
)
Execute lvm programs in the lvm domain.
Module:
miscfiles
Layer:
system
miscfiles_exec_tetex_data(
domain
)
Execute TeX data programs in the caller domain.
Module:
miscfiles
Layer:
system
miscfiles_legacy_read_localization(
domain
)
Allow process to read legacy time localization info
Module:
miscfiles
Layer:
system
miscfiles_read_localization(
domain
)
Allow process to read localization info
Module:
miscfiles
Layer:
system
miscfiles_read_man_pages(
domain
)
Allow process to read man pages
Module:
miscfiles
Layer:
system
miscfiles_rw_man_cache(
domain
)
Allow process to create files and dirs in /var/cache/man
and /var/catman/
Module:
modutils
Layer:
system
modutils_domtrans_depmod(
domain
)
Execute depmod in the depmod domain.
Module:
modutils
Layer:
system
modutils_domtrans_insmod(
domain
)
Execute insmod in the insmod domain.
Module:
modutils
Layer:
system
modutils_domtrans_update_mods(
domain
)
Execute depmod in the depmod domain.
Module:
modutils
Layer:
system
modutils_read_mods_deps(
domain
)
Read the dependencies of kernel modules.
Module:
modutils
Layer:
system
modutils_read_module_conf(
domain
)
Read the configuration options used when
loading modules.
Module:
modutils
Layer:
system
modutils_run_depmod(
domain
,
role
,
terminal
)
Execute depmod in the depmod domain.
Module:
modutils
Layer:
system
modutils_run_insmod(
domain
,
role
,
terminal
)
Execute insmod in the insmod domain, and
allow the specified role the insmod domain,
and use the caller's terminal. Has a sigchld
backchannel.
Module:
modutils
Layer:
system
modutils_run_update_mods(
domain
,
role
,
terminal
)
Execute update_modules in the update_modules domain.
Module:
mount
Layer:
system
mount_domtrans(
domain
)
Execute mount in the mount domain.
Module:
mount
Layer:
system
mount_run(
domain
,
role
,
terminal
)
Execute mount in the mount domain, and
allow the specified role the mount domain,
and use the caller's terminal.
Module:
mount
Layer:
system
mount_send_nfs_client_request(
domain
)
Allow the mount domain to send nfs requests for mounting
network drives
Module:
mount
Layer:
system
mount_use_fd(
domain
)
Use file descriptors for mount.
Module:
mta
Layer:
services
mta_dontaudit_read_spool_symlink(
domain
)
Do not audit attempts to read a symlink
in the mail spool.
Module:
mta
Layer:
services
mta_read_aliases(
domain
)
Read mail address aliases.
Module:
mta
Layer:
services
mta_sendmail_mailserver(
domain
,
entry_point
)
Modified mailserver interface for
sendmail daemon use.
Module:
mysql
Layer:
services
mysql_manage_db_dir(
domain
)
Create, read, write, and delete MySQL database directories.
Module:
mysql
Layer:
services
mysql_read_config(
domain
)
Read MySQL configuration files.
Module:
mysql
Layer:
services
mysql_rw_db_dir(
domain
)
Read and write to the MySQL database directory.
Module:
mysql
Layer:
services
mysql_search_db_dir(
domain
)
Search the directories that contain MySQL
database storage.
Module:
mysql
Layer:
services
mysql_signal(
domain
)
Send a generic signal to MySQL.
Module:
mysql
Layer:
services
mysql_stream_connect(
domain
)
Connect to MySQL using a unix domain stream socket.
Module:
netutils
Layer:
admin
netutils_domtrans(
domain
)
Execute network utilities in the netutils domain.
Module:
netutils
Layer:
admin
netutils_domtrans_ping(
domain
)
Execute ping in the ping domain.
Module:
netutils
Layer:
admin
netutils_domtrans_traceroute(
domain
)
Execute traceroute in the traceroute domain.
Module:
netutils
Layer:
admin
netutils_exec(
domain
)
Execute network utilities in the caller domain.
Module:
netutils
Layer:
admin
netutils_exec_ping(
domain
)
Execute ping in the caller domain.
Module:
netutils
Layer:
admin
netutils_exec_traceroute(
domain
)
Execute traceroute in the caller domain.
Module:
netutils
Layer:
admin
netutils_run(
domain
,
role
,
terminal
)
Execute network utilities in the netutils domain, and
allow the specified role the netutils domain.
Module:
netutils
Layer:
admin
netutils_run_ping(
domain
,
role
,
terminal
)
Execute ping in the ping domain, and
allow the specified role the ping domain.
Module:
netutils
Layer:
admin
netutils_run_traceroute(
domain
,
role
,
terminal
)
Execute traceroute in the traceroute domain, and
allow the specified role the traceroute domain.
Module:
nis
Layer:
services
nis_list_var_yp(
domain
)
Send UDP network traffic to NIS clients.
Module:
nis
Layer:
services
nis_udp_sendto_ypbind(
domain
)
Send UDP network traffic to NIS clients.
Module:
nis
Layer:
services
nis_use_ypbind(
domain
)
Use the ypbind service to access NIS services.
Module:
nscd
Layer:
services
nscd_domtrans(
domain
)
Execute NSCD in the nscd domain.
Module:
nscd
Layer:
services
nscd_unconfined(
domain
)
Unconfined access to NSCD services.
Module:
nscd
Layer:
services
nscd_use_shared_mem(
domain
)
Use NSCD services by mapping the database from
an inherited NSCD file descriptor.
Module:
nscd
Layer:
services
nscd_use_socket(
domain
)
Use NSCD services by connecting using
a unix stream socket.
Module:
pcmcia
Layer:
system
pcmcia_domtrans_cardctl(
domain
)
Execute cardctl in the cardmgr domain.
Module:
pcmcia
Layer:
system
pcmcia_domtrans_cardmgr(
domain
)
Execute cardmgr in the cardmgr domain.
Module:
pcmcia
Layer:
system
pcmcia_manage_pid(
domain
)
Create, read, write, and delete
cardmgr pid files.
Module:
pcmcia
Layer:
system
pcmcia_manage_runtime_chr(
domain
)
Create, read, write, and delete
cardmgr runtime character nodes.
Module:
pcmcia
Layer:
system
pcmcia_run_cardctl(
domain
,
role
,
terminal
)
Execute cardmgr in the cardctl domain, and
allow the specified role the cardmgr domain.
Module:
quota
Layer:
admin
quota_domtrans(
domain
)
Execute quota management tools in the quota domain.
Module:
quota
Layer:
admin
quota_dontaudit_getattr_db(
domain
)
Do not audit attempts to get the attributes
of filesystem quota data files.
Module:
quota
Layer:
admin
quota_manage_flags(
?
)
Module:
quota
Layer:
admin
quota_run(
domain
,
role
,
terminal
)
Execute quota management tools in the quota domain, and
allow the specified role the quota domain.
Module:
raid
Layer:
system
raid_domtrans_mdadm(
domain
)
Execute software raid tools in the mdadm domain.
Module:
raid
Layer:
system
raid_manage_mdadm_pid(
domain
)
Create, read, write, and delete the mdadm pid files.
Module:
remotelogin
Layer:
services
remotelogin_domtrans(
domain
)
Domain transition to the remote login domain.
Module:
rpm
Layer:
admin
rpm_domtrans(
domain
)
Execute rpm programs in the rpm domain.
Module:
rpm
Layer:
admin
rpm_manage_db(
domain
)
Create, read, write, and delete the RPM package database.
Module:
rpm
Layer:
admin
rpm_manage_log(
domain
)
Create, read, write, and delete the RPM log.
Module:
rpm
Layer:
admin
rpm_read_db(
domain
)
Read the RPM package database.
Module:
rpm
Layer:
admin
rpm_read_pipe(
domain
)
Read from an unnamed RPM pipe.
Module:
rpm
Layer:
admin
rpm_run(
domain
,
role
,
terminal
)
Execute RPM programs in the RPM domain.
Module:
rpm
Layer:
admin
rpm_rw_pipe(
domain
)
Read and write an unnamed RPM pipe.
Module:
rpm
Layer:
admin
rpm_use_fd(
domain
)
Inherit and use file descriptors from RPM.
Module:
rpm
Layer:
admin
rpm_use_script_fd(
domain
)
Inherit and use file descriptors from RPM scripts.
Module:
rshd
Layer:
services
rshd_domtrans(
domain
)
Domain transition to rshd.
Module:
selinux
Layer:
kernel
selinux_compute_access_vector(
domain
)
Allows caller to compute an access vector.
Module:
selinux
Layer:
kernel
selinux_compute_create_context(
domain
)
Calculate the default type for object creation.
Module:
selinux
Layer:
kernel
selinux_compute_relabel_context(
domain
)
Calculate the context for relabeling objects.
Module:
selinux
Layer:
kernel
selinux_compute_user_contexts(
domain
)
Allows caller to compute possible contexts for a user.
Module:
selinux
Layer:
kernel
selinux_dontaudit_search_fs(
domain
)
Do not audit attempts to search selinuxfs.
Module:
selinux
Layer:
kernel
selinux_get_enforce_mode(
domain
)
Allows the caller to get the mode of policy enforcement
(enforcing or permissive mode).
Module:
selinux
Layer:
kernel
selinux_get_fs_mount(
domain
)
Gets the caller the mountpoint of the selinuxfs filesystem.
Module:
selinux
Layer:
kernel
selinux_load_policy(
domain
)
Allow caller to load the policy into the kernel.
Module:
selinux
Layer:
kernel
selinux_set_boolean(
domain
,
[
booltype
]
)
Allow caller to set the state of Booleans to
enable or disable conditional portions of the policy.
Module:
selinux
Layer:
kernel
selinux_set_enforce_mode(
domain
)
Allow caller to set the mode of policy enforcement
(enforcing or permissive mode).
Module:
selinux
Layer:
kernel
selinux_set_parameters(
domain
)
Allow caller to set SELinux access vector cache parameters.
Module:
selinux
Layer:
kernel
selinux_unconfined(
domain
)
Unconfined access to the SELinux kernel security server.
Module:
selinux
Layer:
kernel
selinux_validate_context(
domain
)
Allows caller to validate security contexts.
Module:
sendmail
Layer:
services
sendmail_domtrans(
domain
)
Domain transition to sendmail.
Module:
selinuxutil
Layer:
system
seutil_domtrans_checkpol(
domain
)
Execute checkpolicy in the checkpolicy domain.
Module:
selinuxutil
Layer:
system
seutil_domtrans_loadpol(
domain
)
Execute load_policy in the load_policy domain.
Module:
selinuxutil
Layer:
system
seutil_domtrans_newrole(
domain
)
Execute newrole in the load_policy domain.
Module:
selinuxutil
Layer:
system
seutil_domtrans_restorecon(
domain
)
Execute restorecon in the restorecon domain.
Module:
selinuxutil
Layer:
system
seutil_domtrans_runinit(
domain
)
Execute run_init in the run_init domain.
Module:
selinuxutil
Layer:
system
seutil_domtrans_setfiles(
domain
)
Execute setfiles in the setfiles domain.
Module:
selinuxutil
Layer:
system
seutil_dontaudit_search_config(
domain
)
Do not audit attempts to search the SELinux
configuration directory (/etc/selinux).
Module:
selinuxutil
Layer:
system
seutil_dontaudit_signal_newrole(
domain
)
Do not audit the caller attempts to send
a signal to newrole.
Module:
selinuxutil
Layer:
system
seutil_relabelto_binary_pol(
domain
)
Allow the caller to relabel a file to the binary policy type.
Module:
selinuxutil
Layer:
system
seutil_run_checkpol(
domain
,
role
,
terminal
)
Execute checkpolicy in the checkpolicy domain, and
allow the specified role the checkpolicy domain,
and use the caller's terminal.
Has a SIGCHLD signal backchannel.
Module:
selinuxutil
Layer:
system
seutil_run_loadpol(
domain
,
role
,
terminal
)
Execute load_policy in the load_policy domain, and
allow the specified role the load_policy domain,
and use the caller's terminal.
Has a SIGCHLD signal backchannel.
Module:
selinuxutil
Layer:
system
seutil_run_newrole(
domain
,
role
,
terminal
)
Execute newrole in the newrole domain, and
allow the specified role the newrole domain,
and use the caller's terminal.
Module:
selinuxutil
Layer:
system
seutil_run_restorecon(
domain
,
role
,
terminal
)
Execute restorecon in the restorecon domain, and
allow the specified role the restorecon domain,
and use the caller's terminal.
Module:
selinuxutil
Layer:
system
seutil_run_runinit(
domain
,
role
,
terminal
)
Execute run_init in the run_init domain, and
allow the specified role the run_init domain,
and use the caller's terminal.
Module:
selinuxutil
Layer:
system
seutil_run_setfiles(
domain
,
role
,
terminal
)
Execute setfiles in the setfiles domain, and
allow the specified role the setfiles domain,
and use the caller's terminal.
Module:
selinuxutil
Layer:
system
seutil_search_default_contexts(
domain
)
Search the policy directory with default_context files.
Module:
ssh
Layer:
services
ssh_dontaudit_read_server_keys(
domain
)
Module:
storage
Layer:
kernel
storage_create_fixed_disk(
domain
)
Create block devices in /dev with the fixed disk type.
Module:
storage
Layer:
kernel
storage_create_fixed_disk_tmpfs(
domain
)
Create fixed disk device nodes on a tmpfs filesystem.
Module:
storage
Layer:
kernel
storage_dontaudit_getattr_fixed_disk(
domain
)
Do not audit attempts made by the caller to get
the attributes of fixed disk device nodes.
Module:
storage
Layer:
kernel
storage_dontaudit_getattr_removable_device(
domain
)
Do not audit attempts made by the caller to get
the attributes of removable devices device nodes.
Module:
storage
Layer:
kernel
storage_dontaudit_setattr_fixed_disk(
domain
)
Do not audit attempts made by the caller to set
the attributes of fixed disk device nodes.
Module:
storage
Layer:
kernel
storage_dontaudit_setattr_removable_device(
domain
)
Do not audit attempts made by the caller to set
the attributes of removable devices device nodes.
Module:
storage
Layer:
kernel
storage_getattr_fixed_disk(
domain
)
Allow the caller to get the attributes of fixed disk
device nodes.
Module:
storage
Layer:
kernel
storage_getattr_removable_device(
domain
)
Allow the caller to get the attributes of removable
devices device nodes.
Module:
storage
Layer:
kernel
storage_getattr_scsi_generic(
domain
)
Allow the caller to get the attributes of
the generic SCSI interface device nodes.
Module:
storage
Layer:
kernel
storage_getattr_scsi_generic(
domain
)
Get attributes of the device nodes
for the SCSI generic inerface.
Module:
storage
Layer:
kernel
storage_getattr_tape_device(
domain
)
Allow the caller to get the attributes
of device nodes of tape devices.
Module:
storage
Layer:
kernel
storage_manage_fixed_disk(
domain
)
Create, read, write, and delete fixed disk device nodes.
Module:
storage
Layer:
kernel
storage_raw_read_fixed_disk(
domain
)
Allow the caller to directly read from a fixed disk.
This is extremly dangerous as it can bypass the
SELinux protections for filesystem objects, and
should only be used by trusted domains.
Module:
storage
Layer:
kernel
storage_raw_read_lvm_volume(
domain
)
Allow the caller to directly read from a logical volume.
This is extremly dangerous as it can bypass the
SELinux protections for filesystem objects, and
should only be used by trusted domains.
Module:
storage
Layer:
kernel
storage_raw_read_removable_device(
domain
)
Allow the caller to directly read from
a removable device.
This is extremly dangerous as it can bypass the
SELinux protections for filesystem objects, and
should only be used by trusted domains.
Module:
storage
Layer:
kernel
storage_raw_write_fixed_disk(
domain
)
Allow the caller to directly write to a fixed disk.
This is extremly dangerous as it can bypass the
SELinux protections for filesystem objects, and
should only be used by trusted domains.
Module:
storage
Layer:
kernel
storage_raw_write_lvm_volume(
domain
)
Allow the caller to directly read from a logical volume.
This is extremly dangerous as it can bypass the
SELinux protections for filesystem objects, and
should only be used by trusted domains.
Module:
storage
Layer:
kernel
storage_raw_write_removable_device(
domain
)
Allow the caller to directly write to
a removable device.
This is extremly dangerous as it can bypass the
SELinux protections for filesystem objects, and
should only be used by trusted domains.
Module:
storage
Layer:
kernel
storage_read_scsi_generic(
domain
)
Allow the caller to directly read, in a
generic fashion, from any SCSI device.
This is extremly dangerous as it can bypass the
SELinux protections for filesystem objects, and
should only be used by trusted domains.
Module:
storage
Layer:
kernel
storage_read_tape_device(
domain
)
Allow the caller to directly read
a tape device.
Module:
storage
Layer:
kernel
storage_relabel_fixed_disk(
domain
)
Relabel fixed disk device nodes.
Module:
storage
Layer:
kernel
storage_set_scsi_generic_attributes(
domain
)
Set attributes of the device nodes
for the SCSI generic inerface.
Module:
storage
Layer:
kernel
storage_setattr_fixed_disk(
domain
)
Allow the caller to set the attributes of fixed disk
device nodes.
Module:
storage
Layer:
kernel
storage_setattr_removable_device(
domain
)
Allow the caller to set the attributes of removable
devices device nodes.
Module:
storage
Layer:
kernel
storage_setattr_scsi_generic(
domain
)
Allow the caller to set the attributes of
the generic SCSI interface device nodes.
Module:
storage
Layer:
kernel
storage_setattr_tape_device(
domain
)
Allow the caller to set the attributes
of device nodes of tape devices.
Module:
storage
Layer:
kernel
storage_swapon_fixed_disk(
domain
)
Enable a fixed disk device as swap space
Module:
storage
Layer:
kernel
storage_unconfined(
domain
)
Unconfined access to storage devices.
Module:
storage
Layer:
kernel
storage_write_scsi_generic(
domain
)
Allow the caller to directly write, in a
generic fashion, from any SCSI device.
This is extremly dangerous as it can bypass the
SELinux protections for filesystem objects, and
should only be used by trusted domains.
Module:
storage
Layer:
kernel
storage_write_tape_device(
domain
)
Allow the caller to directly read
a tape device.
Module:
sysnetwork
Layer:
system
sysnet_create_config(
domain
)
Create files in /etc with the type used for
the network config files.
Module:
sysnetwork
Layer:
system
sysnet_domtrans_dhcpc(
domain
)
Execute dhcp client in dhcpc domain.
Module:
sysnetwork
Layer:
system
sysnet_domtrans_ifconfig(
domain
)
Execute ifconfig in the ifconfig domain.
Module:
sysnetwork
Layer:
system
sysnet_kill_dhcpc(
domain
)
Send a kill signal to the dhcp client.
Module:
sysnetwork
Layer:
system
sysnet_manage_config(
domain
)
Create, read, write, and delete network config files.
Module:
sysnetwork
Layer:
system
sysnet_read_config(
domain
)
Allow network init to read network config files.
Module:
sysnetwork
Layer:
system
sysnet_read_dhcpc_pid(
domain
)
Read the dhcp client pid file.
Module:
sysnetwork
Layer:
system
sysnet_read_dhcpc_state(
domain
)
Read dhcp client state files.
Module:
sysnetwork
Layer:
system
sysnet_run_ifconfig(
domain
,
role
,
terminal
)
Execute ifconfig in the ifconfig domain, and
allow the specified role the ifconfig domain,
and use the caller's terminal.
Module:
sysnetwork
Layer:
system
sysnet_rw_dhcp_config(
domain
)
Read and write dhcp configuration files.
Module:
sysnetwork
Layer:
system
sysnet_sigchld_dhcpc(
domain
)
Send a SIGCHLD signal to the dhcp client.
Module:
sysnetwork
Layer:
system
sysnet_signal_dhcpc(
domain
)
Send a generic signal to the dhcp client.
Module:
sysnetwork
Layer:
system
sysnet_signull_dhcpc(
domain
)
Send a null signal to the dhcp client.
Module:
sysnetwork
Layer:
system
sysnet_sigstop_dhcpc(
domain
)
Send a SIGSTOP signal to the dhcp client.
Module:
terminal
Layer:
kernel
term_create_pty(
domain
,
pty_type
)
Create a pty in the /dev/pts directory.
Module:
terminal
Layer:
kernel
term_dontaudit_getattr_all_user_ptys(
domain
)
Do not audit attempts to get the
attributes of any user pty
device nodes.
Module:
terminal
Layer:
kernel
term_dontaudit_getattr_all_user_ttys(
domain
)
Do not audit attempts to get the
attributes of any user tty
device nodes.
Module:
terminal
Layer:
kernel
term_dontaudit_getattr_unallocated_ttys(
domain
)
Do not audit attempts to get the attributes
of all unallocated tty device nodes.
Module:
terminal
Layer:
kernel
term_dontaudit_list_ptys(
domain
)
Do not audit attempts to read the
/dev/pts directory.
Module:
terminal
Layer:
kernel
term_dontaudit_manage_pty_dir(
domain
)
Do not audit attempts to create, read,
write, or delete the /dev/pts directory.
Module:
terminal
Layer:
kernel
term_dontaudit_use_all_user_ptys(
domain
)
Do not audit attempts to read any
user ptys.
Module:
terminal
Layer:
kernel
term_dontaudit_use_all_user_ttys(
domain
)
Do not audit attempts to read or write
any user ttys.
Module:
terminal
Layer:
kernel
term_dontaudit_use_console(
domain
)
Do not audit attemtps to read from
or write to the console.
Module:
terminal
Layer:
kernel
term_dontaudit_use_generic_pty(
domain
)
Dot not audit attempts to read and
write the generic pty type. This is
generally only used in the targeted policy.
Module:
terminal
Layer:
kernel
term_dontaudit_use_ptmx(
domain
)
Do not audit attempts to read and
write the pty multiplexor (/dev/ptmx).
Module:
terminal
Layer:
kernel
term_dontaudit_use_unallocated_tty(
domain
)
Do not audit attempts to read or
write unallocated ttys.
Module:
terminal
Layer:
kernel
term_getattr_all_user_ptys(
domain
)
Get the attributes of all user
pty device nodes.
Module:
terminal
Layer:
kernel
term_getattr_all_user_ttys(
domain
)
Get the attributes of all user tty
device nodes.
Module:
terminal
Layer:
kernel
term_getattr_unallocated_ttys(
domain
)
Get the attributes of all unallocated
tty device nodes.
Module:
terminal
Layer:
kernel
term_list_ptys(
domain
)
Read the /dev/pts directory to
list all ptys.
Module:
terminal
Layer:
kernel
term_login_pty(
pty_type
)
Transform specified type into a pty type
used by login programs, such as sshd.
Module:
terminal
Layer:
kernel
term_pty(
pty_type
)
Transform specified type into a pty type.
Module:
terminal
Layer:
kernel
term_relabel_all_user_ptys(
domain
)
Relabel from and to all user
user pty device nodes.
Module:
terminal
Layer:
kernel
term_relabel_all_user_ttys(
domain
)
Relabel from and to all user
user tty device nodes.
Module:
terminal
Layer:
kernel
term_relabel_unallocated_ttys(
domain
)
Relabel from and to the unallocated
tty type.
Module:
terminal
Layer:
kernel
term_relabelto_all_user_ptys(
domain
)
Relabel to all user ptys.
Module:
terminal
Layer:
kernel
term_reset_tty_labels(
domain
)
Relabel from all user tty types to
the unallocated tty type.
Module:
terminal
Layer:
kernel
term_setattr_all_user_ptys(
domain
)
Set the attributes of all user
pty device nodes.
Module:
terminal
Layer:
kernel
term_setattr_all_user_ttys(
domain
)
Set the attributes of all user tty
device nodes.
Module:
terminal
Layer:
kernel
term_setattr_console(
domain
)
Set the attributes of the console
device node.
Module:
terminal
Layer:
kernel
term_setattr_unallocated_ttys(
domain
)
Set the attributes of all unallocated
tty device nodes.
Module:
terminal
Layer:
kernel
term_tty(
tty_type
)
Transform specified type into a tty type.
Module:
terminal
Layer:
kernel
term_use_all_terms(
domain
)
Read and write the console, all
ttys and all ptys.
Module:
terminal
Layer:
kernel
term_use_all_user_ptys(
domain
)
Read and write all user ptys.
Module:
terminal
Layer:
kernel
term_use_all_user_ttys(
domain
)
Read and write all user to all user ttys.
Module:
terminal
Layer:
kernel
term_use_console(
domain
)
Read from and write to the console.
Module:
terminal
Layer:
kernel
term_use_controlling_term(
domain
)
Read and write the controlling
terminal (/dev/tty).
Module:
terminal
Layer:
kernel
term_use_generic_pty(
domain
)
Read and write the generic pty
type. This is generally only used in
the targeted policy.
Module:
terminal
Layer:
kernel
term_use_unallocated_tty(
domain
)
Read and write unallocated ttys.
Module:
terminal
Layer:
kernel
term_user_pty(
userdomain
,
object_type
)
Transform specified type into an user
pty type. This allows it to be relabeled via
type change by login programs such as ssh.
Module:
terminal
Layer:
kernel
term_write_unallocated_ttys(
domain
)
Write to unallocated ttys.
Module:
tmpreaper
Layer:
admin
tmpreaper_exec(
domain
)
Execute tmpreaper in the caller domain.
Module:
udev
Layer:
system
udev_domtrans(
domain
)
Execute udev in the udev domain.
Module:
udev
Layer:
system
udev_donaudit_rw_unix_dgram_socket(
domain
)
Do not audit attempts to read or write
to a udev unix datagram socket.
Module:
udev
Layer:
system
udev_read_db(
domain
)
Allow process to read list of devices.
Module:
udev
Layer:
system
udev_rw_db(
domain
)
Allow process to modify list of devices.
Module:
unconfined
Layer:
system
unconfined_domtrans(
domain
)
Transition to the unconfined domain.
Module:
unconfined
Layer:
system
unconfined_dontaudit_rw_tcp_socket(
domain
)
Do not audit attempts to read or write
unconfined domain tcp sockets.
Module:
unconfined
Layer:
system
unconfined_role(
domain
)
Add the unconfined domain to the specified role.
Module:
unconfined
Layer:
system
unconfined_run(
domain
,
role
,
terminal
)
Execute specified programs in the unconfined domain.
Module:
unconfined
Layer:
system
unconfined_rw_pipe(
domain
)
Read and write unconfined domain unnamed pipes.
Module:
unconfined
Layer:
system
unconfined_shell_domtrans(
domain
)
Transition to the unconfined domain by executing a shell.
Module:
unconfined
Layer:
system
unconfined_sigchld(
domain
)
Send a SIGCHLD signal to the unconfined domain.
Module:
unconfined
Layer:
system
unconfined_use_fd(
domain
)
Inherit file descriptors from the unconfined domain.
Module:
updfstab
Layer:
admin
updfstab_domtrans(
domain
)
Execute updfstab in the updfstab domain.
Module:
userdomain
Layer:
system
userdom_create_user_home(
domain
,
[
object_class
]
)
Create objects in generic user home directories
with automatic file type transition.
Module:
userdomain
Layer:
system
userdom_create_user_home_dir(
domain
)
Create generic user home directories
with automatic file type transition.
Module:
userdomain
Layer:
system
userdom_dontaudit_search_all_users_home(
domain
)
Do not audit attempts to search all users home directories.
Module:
userdomain
Layer:
system
userdom_dontaudit_search_staff_home_dir(
domain
)
Do not audit attempts to search the staff
users home directory.
Module:
userdomain
Layer:
system
userdom_dontaudit_search_sysadm_home_dir(
domain
)
Do not audit attempts to search the sysadm
users home directory.
Module:
userdomain
Layer:
system
userdom_dontaudit_use_sysadm_terms(
domain
)
Do not audit attempts to use sysadm ttys and ptys.
Module:
userdomain
Layer:
system
userdom_dontaudit_use_sysadm_tty(
domain
)
Do not audit attempts to use sysadm ttys.
Module:
userdomain
Layer:
system
userdom_dontaudit_use_unpriv_user_fd(
domain
)
Do not audit attempts to inherit the
file descriptors from all user domains.
Module:
userdomain
Layer:
system
userdom_dontaudit_use_unpriv_user_tty(
domain
)
Do not audit attempts to use unprivileged
user ttys.
Module:
userdomain
Layer:
system
userdom_manage_user_home_dir(
domain
)
Create, read, write, and delete
generic user home directories.
Module:
userdomain
Layer:
system
userdom_manage_user_home_dirs(
domain
)
Create, read, write, and delete
subdirectories of generic user
home directories.
Module:
userdomain
Layer:
system
userdom_manage_user_home_files(
domain
)
Create, read, write, and delete files
in generic user home directories.
Module:
userdomain
Layer:
system
userdom_manage_user_home_pipes(
domain
)
Create, read, write, and delete named
pipes in generic user home directories.
Module:
userdomain
Layer:
system
userdom_manage_user_home_sockets(
domain
)
Create, read, write, and delete named
sockets in generic user home directories.
Module:
userdomain
Layer:
system
userdom_manage_user_home_symlinks(
domain
)
Create, read, write, and delete symbolic
links in generic user home directories.
Module:
userdomain
Layer:
system
userdom_read_all_user_files(
domain
)
Read all files in all users home directories.
Module:
userdomain
Layer:
system
userdom_read_staff_home_files(
domain
)
Read files in the staff users home directory.
Module:
userdomain
Layer:
system
userdom_read_sysadm_home_files(
domain
)
Read files in the sysadm users home directory.
Module:
userdomain
Layer:
system
userdom_rw_sysadm_pipe(
domain
)
Read and write sysadm user unnamed pipes.
Module:
userdomain
Layer:
system
userdom_search_all_users_home(
domain
)
Search all users home directories.
Module:
userdomain
Layer:
system
userdom_search_staff_home_dir(
domain
)
Search the staff users home directory.
Module:
userdomain
Layer:
system
userdom_search_sysadm_home_dir(
domain
)
Search the sysadm users home directory.
Module:
userdomain
Layer:
system
userdom_shell_domtrans_sysadm(
domain
)
Execute a shell in the sysadm domain.
Module:
userdomain
Layer:
system
userdom_signal_all_users(
domain
)
Send general signals to all user domains.
Module:
userdomain
Layer:
system
userdom_signal_unpriv_users(
domain
)
Send general signals to unprivileged user domains.
Module:
userdomain
Layer:
system
userdom_spec_domtrans_all_users(
domain
)
Execute a shell in all user domains. This
is an explicit transition, requiring the
caller to use setexeccon().
Module:
userdomain
Layer:
system
userdom_spec_domtrans_unpriv_users(
domain
)
Execute a shell in all unprivileged user domains. This
is an explicit transition, requiring the
caller to use setexeccon().
Module:
userdomain
Layer:
system
userdom_unconfined(
domain
)
Unconfined access to user domains.
Module:
userdomain
Layer:
system
userdom_use_all_user_fd(
domain
)
Inherit the file descriptors from all user domains
Module:
userdomain
Layer:
system
userdom_use_sysadm_fd(
domain
)
Inherit and use sysadm file descriptors
Module:
userdomain
Layer:
system
userdom_use_sysadm_pty(
domain
)
Read and write sysadm ptys.
Module:
userdomain
Layer:
system
userdom_use_sysadm_terms(
domain
)
Read and write sysadm ttys and ptys.
Module:
userdomain
Layer:
system
userdom_use_sysadm_tty(
domain
)
Read and write sysadm ttys.
Module:
userdomain
Layer:
system
userdom_use_unpriv_users_fd(
domain
)
Inherit the file descriptors from unprivileged user domains.
Module:
userdomain
Layer:
system
userdom_write_unpriv_user_tmp(
domain
)
Write all unprivileged users files in /tmp
Module:
usermanage
Layer:
admin
usermanage_domtrans_chfn(
domain
)
Execute chfn in the chfn domain.
Module:
usermanage
Layer:
admin
usermanage_domtrans_groupadd(
domain
)
Execute groupadd in the groupadd domain.
Module:
usermanage
Layer:
admin
usermanage_domtrans_passwd(
domain
)
Execute passwd in the passwd domain.
Module:
usermanage
Layer:
admin
usermanage_domtrans_useradd(
domain
)
Execute useradd in the useradd domain.
Module:
usermanage
Layer:
admin
usermanage_run_chfn(
domain
,
role
,
terminal
)
Execute chfn in the chfn domain, and
allow the specified role the chfn domain.
Module:
usermanage
Layer:
admin
usermanage_run_groupadd(
domain
,
role
,
terminal
)
Execute groupadd in the groupadd domain, and
allow the specified role the groupadd domain.
Module:
usermanage
Layer:
admin
usermanage_run_passwd(
domain
,
role
,
terminal
)
Execute passwd in the passwd domain, and
allow the specified role the passwd domain.
Module:
usermanage
Layer:
admin
usermanage_run_useradd(
domain
,
role
,
terminal
)
Execute useradd in the useradd domain, and
allow the specified role the useradd domain.