Master interface index:
Module:
authlogin
Layer:
system
auth_domtrans_login_program(
domain
,
target_domain
)
Module:
authlogin
Layer:
system
auth_dontaudit_write_login_records(
domain
)
Module:
authlogin
Layer:
system
auth_manage_all_files_except_shadow(
domain
,
[
exception_types
]
)
Module:
authlogin
Layer:
system
auth_relabel_all_files_except_shadow(
domain
,
[
exception_types
]
)
Module:
authlogin
Layer:
system
auth_run_utempter(
domain
,
role
,
terminal
)
Module:
authlogin
Layer:
system
authlogin_per_userdomain_template(
userdomain_prefix
)
Module:
bootloader
Layer:
kernel
bootloader_create_kernel_symbol_table(
domain
)
Module:
bootloader
Layer:
kernel
bootloader_delete_kernel_symbol_table(
domain
)
Module:
clock
Layer:
system
clock_run(
domain
,
role
,
terminal
)
Module:
corenetwork
Layer:
kernel
corenet_tcp_sendrecv_kerberos_master_port(
domain
)
Module:
corenetwork
Layer:
kernel
corenetwork_sendrecv_udp_on_eth0_interface(
domain
)
Module:
corenetwork
Layer:
kernel
corenetwork_sendrecv_udp_on_eth1_interface(
domain
)
Module:
corenetwork
Layer:
kernel
corenetwork_sendrecv_udp_on_eth2_interface(
domain
)
Module:
corenetwork
Layer:
kernel
corenetwork_sendrecv_udp_on_ftp_data_port(
domain
)
Module:
corenetwork
Layer:
kernel
corenetwork_sendrecv_udp_on_http_cache_port(
domain
)
Module:
corenetwork
Layer:
kernel
corenetwork_sendrecv_udp_on_inetd_child_port(
domain
)
Module:
corenetwork
Layer:
kernel
corenetwork_sendrecv_udp_on_ippp0_interface(
domain
)
Module:
corenetwork
Layer:
kernel
corenetwork_sendrecv_udp_on_ipsec0_interface(
domain
)
Module:
corenetwork
Layer:
kernel
corenetwork_sendrecv_udp_on_ipsec1_interface(
domain
)
Module:
corenetwork
Layer:
kernel
corenetwork_sendrecv_udp_on_ipsec2_interface(
domain
)
Module:
corenetwork
Layer:
kernel
corenetwork_sendrecv_udp_on_kerberos_admin_port(
domain
)
Module:
corenetwork
Layer:
kernel
corenetwork_sendrecv_udp_on_kerberos_master_port(
domain
)
Module:
corenetwork
Layer:
kernel
corenetwork_sendrecv_udp_on_kerberos_port(
domain
)
Module:
corenetwork
Layer:
kernel
corenetwork_sendrecv_udp_on_postgresql_port(
domain
)
Module:
devices
Layer:
kernel
dev_create_dev_node(
domain
,
file
,
objectclass(es)
)
Create, read, and write device nodes. The node
will be transitioned to the type provided.
Module:
devices
Layer:
kernel
dev_create_dir(
domain
)
Create a directory in the device directory.
Module:
devices
Layer:
kernel
dev_create_generic_chr_file(
domain
)
Allow read, write, and create for generic character device files.
Module:
devices
Layer:
kernel
dev_del_generic_symlinks(
domain
)
Delete symbolic links in device directories.
Module:
devices
Layer:
kernel
dev_delete_lvm_control(
domain
)
Delete the lvm control device.
Module:
devices
Layer:
kernel
dev_dontaudit_getattr_all_blk_files(
domain
)
Dontaudit getattr on all block file device nodes.
Module:
devices
Layer:
kernel
dev_dontaudit_getattr_all_chr_files(
domain
)
Dontaudit getattr on all character file device nodes.
Module:
devices
Layer:
kernel
dev_dontaudit_getattr_generic_blk_file(
domain
)
Dontaudit getattr on generic block devices.
Module:
devices
Layer:
kernel
dev_dontaudit_getattr_generic_chr_file(
domain
)
Dontaudit getattr for generic character device files.
Module:
devices
Layer:
kernel
dev_dontaudit_getattr_generic_pipe(
domain
)
Dontaudit getattr on generic pipes.
Module:
devices
Layer:
kernel
dev_dontaudit_list_all_dev_nodes(
domain
)
Dontaudit attempts to list all device nodes.
Module:
devices
Layer:
kernel
dev_dontaudit_rw_dri_dev(
domain
)
Dontaudit read and write on the dri devices.
Module:
devices
Layer:
kernel
dev_dontaudit_rw_generic_dev_nodes(
domain
)
Dontaudit read and write on generic device files.
Module:
devices
Layer:
kernel
dev_getattr_all_blk_files(
domain
)
Getattr on all block file device nodes.
Module:
devices
Layer:
kernel
dev_getattr_all_chr_files(
domain
)
Getattr on all character file device nodes.
Module:
devices
Layer:
kernel
dev_getattr_generic_blk_file(
domain
)
Allow getattr on generic block devices.
Module:
devices
Layer:
kernel
dev_getattr_generic_chr_file(
domain
)
Allow getattr for generic character device files.
Module:
devices
Layer:
kernel
dev_list_all_dev_nodes(
domain
)
List all of the device nodes in a device directory.
Module:
devices
Layer:
kernel
dev_manage_all_blk_files(
domain
)
Read, write, create, and delete all block device files.
Module:
devices
Layer:
kernel
dev_manage_all_chr_files(
domain
)
Read, write, create, and delete all character device files.
Module:
devices
Layer:
kernel
dev_manage_dev_nodes(
domain
)
Create, delete, read, and write device nodes in device directories.
Module:
devices
Layer:
kernel
dev_manage_generic_blk_file(
domain
)
Allow read, write, create, and delete for generic
block files.
Module:
devices
Layer:
kernel
dev_manage_generic_blk_file(
domain
)
Create, delete, read, and write block device files.
Module:
devices
Layer:
kernel
dev_manage_generic_chr_file(
domain
)
Create, delete, read, and write character device files.
Module:
devices
Layer:
kernel
dev_manage_generic_symlinks(
domain
)
Create, delete, read, and write symbolic links in device directories.
Module:
devices
Layer:
kernel
dev_node(
object_type
)
Make the passed in type a type appropriate for
use on device nodes (usually files in /dev).
Module:
devices
Layer:
kernel
dev_read_cpuid(
domain
)
Read the cpuid device.
Module:
devices
Layer:
kernel
dev_read_framebuffer(
domain
)
Read the framebuffer device.
Module:
devices
Layer:
kernel
dev_read_input(
domain
)
Read the multiplexed input device (/dev/input).
Module:
devices
Layer:
kernel
dev_read_lvm_control(
domain
)
Read the lvm control device.
Module:
devices
Layer:
kernel
dev_read_misc(
domain
)
Read miscellaneous devices.
Module:
devices
Layer:
kernel
dev_read_rand(
domain
)
Read from random devices (e.g., /dev/random)
Module:
devices
Layer:
kernel
dev_read_raw_memory(
domain
)
Read raw memory devices (e.g. /dev/mem).
Module:
devices
Layer:
kernel
dev_read_realtime_clock(
domain
)
Read the realtime clock (/dev/rtc).
Module:
devices
Layer:
kernel
dev_read_snd_mixer_dev(
domain
)
Read the sound mixer devices.
Module:
devices
Layer:
kernel
dev_read_urand(
domain
)
Read from pseudo random devices (e.g., /dev/urandom)
Module:
devices
Layer:
kernel
dev_relabel_all_dev_nodes(
domain
)
Allow full relabeling (to and from) of all device nodes.
Module:
devices
Layer:
kernel
dev_relabel_dev_dirs(
domain
)
Allow full relabeling (to and from) of directories in /dev.
Module:
devices
Layer:
kernel
dev_rw_agp_dev(
domain
)
Read and write the agp devices.
Module:
devices
Layer:
kernel
dev_rw_cpu_microcode(
domain
)
Read and write the cpu microcode device. This
is required to load cpu microcode.
Module:
devices
Layer:
kernel
dev_rw_dri_dev(
domain
)
Read and write the dri devices.
Module:
devices
Layer:
kernel
dev_rw_lvm_control(
domain
)
Read and write the lvm control device.
Module:
devices
Layer:
kernel
dev_rw_null_dev(
domain
)
Read and write to the null device (/dev/null).
Module:
devices
Layer:
kernel
dev_rw_power_management(
domain
)
Read and write the power management device.
Module:
devices
Layer:
kernel
dev_rw_realtime_clock(
domain
)
Read and write the realtime clock (/dev/rtc).
Module:
devices
Layer:
kernel
dev_rw_scanner(
domain
)
Read and write the scanner device.
Module:
devices
Layer:
kernel
dev_rw_zero_dev(
domain
)
Read and write to the zero device (/dev/zero).
Module:
devices
Layer:
kernel
dev_rwx_zero_dev(
domain
)
Read, write, and execute the zero device (/dev/zero).
Module:
devices
Layer:
kernel
dev_rx_raw_memory(
domain
)
Read and execute raw memory devices (e.g. /dev/mem).
Module:
devices
Layer:
kernel
dev_setattr_all_blk_files(
domain
)
Setattr on all block file device nodes.
Module:
devices
Layer:
kernel
dev_setattr_all_chr_files(
domain
)
Setattr on all character file device nodes.
Module:
devices
Layer:
kernel
dev_write_framebuffer(
domain
)
Write the framebuffer device.
Module:
devices
Layer:
kernel
dev_write_misc(
domain
)
Write miscellaneous devices.
Module:
devices
Layer:
kernel
dev_write_rand(
domain
)
Write to the random device (e.g., /dev/random). This adds
entropy used to generate the random data read from the
random device.
Module:
devices
Layer:
kernel
dev_write_raw_memory(
domain
)
Write raw memory devices (e.g. /dev/mem).
Module:
devices
Layer:
kernel
dev_write_realtime_clock(
domain
)
Write the realtime clock (/dev/rtc).
Module:
devices
Layer:
kernel
dev_write_snd_mixer_dev(
domain
)
Write the sound mixer devices.
Module:
devices
Layer:
kernel
dev_write_urand(
domain
)
Write to the pseudo random device (e.g., /dev/urandom). This
sets the random number generator seed.
Module:
devices
Layer:
kernel
dev_wx_raw_memory(
domain
)
Write and execute raw memory devices (e.g. /dev/mem).
Module:
dmesg
Layer:
admin
dmesg_domtrans(
domain
)
Module:
domain
Layer:
system
domain_dontaudit_getattr_all_tcp_sockets(
domain
)
Module:
domain
Layer:
system
domain_dontaudit_getattr_all_udp_sockets(
domain
)
Module:
domain
Layer:
system
domain_dontaudit_getattr_all_unix_dgram_sockets(
domain
)
Module:
domain
Layer:
system
domain_dontaudit_getattr_all_unnamed_pipes(
domain
)
Module:
domain
Layer:
system
domain_dontaudit_list_all_domains_proc(
domain
)
Module:
domain
Layer:
system
domain_getsession_all_domains(
domain
)
Module:
domain
Layer:
system
domain_kill_all_domains(
domain
)
Module:
domain
Layer:
system
domain_obj_id_change_exempt(
domain
)
Module:
domain
Layer:
system
domain_read_all_domains_state(
domain
)
Module:
domain
Layer:
system
domain_role_change_exempt(
domain
)
Module:
domain
Layer:
system
domain_sigchld_all_domains(
domain
)
Module:
domain
Layer:
system
domain_signal_all_domains(
domain
)
Module:
domain
Layer:
system
domain_signull_all_domains(
domain
)
Module:
domain
Layer:
system
domain_sigstop_all_domains(
domain
)
Module:
domain
Layer:
system
domain_subj_id_change_exempt(
domain
)
Module:
files
Layer:
system
files_create_root(
domain
,
[
private type
]
,
[
object
]
)
Module:
files
Layer:
system
files_delete_generic_etc_files(
domain
)
Module:
files
Layer:
system
files_dontaudit_ioctl_all_pids(
domain
)
Module:
files
Layer:
system
files_dontaudit_write_all_pids(
domain
)
Module:
files
Layer:
system
files_exec_usr_files(
domain
)
Module:
files
Layer:
system
files_manage_all_files(
domain
,
[
exception_types
]
)
Module:
files
Layer:
system
files_relabel_all_files(
domain
,
[
exception_types
]
)
Module:
getty
Layer:
system
getty_modify_config(
domain
)
Module:
getty
Layer:
system
getty_read_config(
domain
)
Module:
hostname
Layer:
system
hostname_run(
domain
,
role
,
terminal
)
Module:
init
Layer:
system
init_read_script_process_state(
domain
)
Module:
init
Layer:
system
init_rw_script_tmp_files(
domain
)
Module:
iptables
Layer:
system
iptables_run(
domain
,
role
,
terminal
)
Module:
kernel
Layer:
kernel
kernel_change_ring_buffer_level(
domain
)
Module:
kernel
Layer:
kernel
kernel_clear_ring_buffer(
domain
)
Module:
kernel
Layer:
kernel
kernel_dontaudit_getattr_core(
domain
)
Module:
kernel
Layer:
kernel
kernel_dontaudit_getattr_message_if(
domain
)
Module:
kernel
Layer:
kernel
kernel_dontaudit_getattr_unlabeled_blk_dev(
domain
)
Module:
kernel
Layer:
kernel
kernel_dontaudit_read_ring_buffer(
domain
)
Module:
kernel
Layer:
kernel
kernel_dontaudit_read_system_state(
domain
)
Module:
kernel
Layer:
kernel
kernel_dontaudit_search_network_sysctl_dir(
domain
)
Module:
kernel
Layer:
kernel
kernel_dontaudit_search_sysctl_dir(
domain
)
Module:
kernel
Layer:
kernel
kernel_dontaudit_use_fd(
domain
)
Module:
kernel
Layer:
kernel
kernel_get_sysvipc_info(
domain
)
Module:
kernel
Layer:
kernel
kernel_getattr_message_if(
domain
)
Module:
kernel
Layer:
kernel
kernel_kill_unlabeled(
domain
)
Module:
kernel
Layer:
kernel
kernel_read_all_sysctl(
domain
)
Module:
kernel
Layer:
kernel
kernel_read_device_sysctl(
domain
)
Module:
kernel
Layer:
kernel
kernel_read_fs_sysctl(
domain
)
Module:
kernel
Layer:
kernel
kernel_read_hotplug_sysctl(
domain
)
Module:
kernel
Layer:
kernel
kernel_read_irq_sysctl(
domain
)
Module:
kernel
Layer:
kernel
kernel_read_kernel_sysctl(
domain
)
Module:
kernel
Layer:
kernel
kernel_read_modprobe_sysctl(
domain
)
Module:
kernel
Layer:
kernel
kernel_read_net_sysctl(
domain
)
Module:
kernel
Layer:
kernel
kernel_read_network_state(
domain
)
Module:
kernel
Layer:
kernel
kernel_read_ring_buffer(
domain
)
Module:
kernel
Layer:
kernel
kernel_read_software_raid_state(
domain
)
Module:
kernel
Layer:
kernel
kernel_read_system_state(
domain
)
Module:
kernel
Layer:
kernel
kernel_read_unix_sysctl(
domain
)
Module:
kernel
Layer:
kernel
kernel_read_vm_sysctl(
domain
)
Module:
kernel
Layer:
kernel
kernel_relabel_unlabeled(
domain
)
Module:
kernel
Layer:
kernel
kernel_rootfs_mountpoint(
directory_type
)
Module:
kernel
Layer:
kernel
kernel_rw_device_sysctl(
domain
)
Module:
kernel
Layer:
kernel
kernel_rw_hotplug_sysctl(
domain
)
Module:
kernel
Layer:
kernel
kernel_rw_kernel_sysctl(
domain
)
Module:
kernel
Layer:
kernel
kernel_rw_modprobe_sysctl(
domain
)
Module:
kernel
Layer:
kernel
kernel_rw_unix_sysctl(
domain
)
Module:
kernel
Layer:
kernel
kernel_sigchld_unlabeled(
domain
)
Module:
kernel
Layer:
kernel
kernel_signal_unlabeled(
domain
)
Module:
kernel
Layer:
kernel
kernel_signull_unlabeled(
domain
)
Module:
kernel
Layer:
kernel
kernel_sigstop_unlabeled(
domain
)
Module:
kernel
Layer:
kernel
kernel_userland_entry(
domain
,
entrypoint
)
Module:
libraries
Layer:
system
libs_run_ldconfig(
domain
,
role
,
terminal
)
Module:
lvm
Layer:
system
lvm_domtrans(
domain
)
Module:
lvm
Layer:
system
lvm_read_config(
domain
)
Module:
lvm
Layer:
system
lvm_run(
domain
,
role
,
terminal
)
Module:
miscfiles
Layer:
system
miscfiles_legacy_read_localization(
domain
)
Module:
modutils
Layer:
system
modutils_domtrans_update_mods(
domain
)
Module:
modutils
Layer:
system
modutils_read_kernel_module_dependencies(
domain
)
Module:
modutils
Layer:
system
modutils_run_depmod(
domain
,
role
,
terminal
)
Module:
modutils
Layer:
system
modutils_run_insmod(
domain
,
role
,
terminal
)
Module:
modutils
Layer:
system
modutils_run_update_mods(
domain
,
role
,
terminal
)
Module:
mount
Layer:
system
mount_run(
domain
,
role
,
terminal
)
Module:
mount
Layer:
system
mount_send_nfs_client_request(
domain
)
Module:
rpm
Layer:
admin
rpm_domtrans(
domain
)
Module:
rpm
Layer:
admin
rpm_read_db(
domain
)
Module:
rpm
Layer:
admin
rpm_read_pipe(
domain
)
Module:
rpm
Layer:
admin
rpm_run(
domain
,
role
,
terminal
)
Module:
rpm
Layer:
admin
rpm_use_fd(
domain
)
Module:
selinux
Layer:
kernel
selinux_compute_access_vector(
domain
)
Module:
selinux
Layer:
kernel
selinux_compute_create_context(
domain
)
Module:
selinux
Layer:
kernel
selinux_compute_relabel_context(
domain
)
Module:
selinux
Layer:
kernel
selinux_compute_user_contexts(
domain
)
Module:
selinux
Layer:
kernel
selinux_set_boolean(
domain
,
[
booltype
]
)
Module:
storage
Layer:
kernel
storage_create_fixed_disk(
domain
)
Module:
storage
Layer:
kernel
storage_dontaudit_getattr_fixed_disk(
domain
)
Module:
storage
Layer:
kernel
storage_dontaudit_getattr_removable_device(
domain
)
Module:
storage
Layer:
kernel
storage_getattr_fixed_disk(
domain
)
Module:
storage
Layer:
kernel
storage_getattr_removable_device(
domain
)
Module:
storage
Layer:
kernel
storage_getattr_scsi_generic(
domain
)
Module:
storage
Layer:
kernel
storage_getattr_tape_device(
domain
)
Module:
storage
Layer:
kernel
storage_manage_fixed_disk(
domain
)
Module:
storage
Layer:
kernel
storage_raw_read_fixed_disk(
domain
)
Module:
storage
Layer:
kernel
storage_raw_read_lvm_volume(
domain
)
Module:
storage
Layer:
kernel
storage_raw_read_removable_device(
domain
)
Module:
storage
Layer:
kernel
storage_raw_write_fixed_disk(
domain
)
Module:
storage
Layer:
kernel
storage_raw_write_lvm_volume(
domain
)
Module:
storage
Layer:
kernel
storage_raw_write_removable_device(
domain
)
Module:
storage
Layer:
kernel
storage_read_scsi_generic(
domain
)
Module:
storage
Layer:
kernel
storage_setattr_fixed_disk(
domain
)
Module:
storage
Layer:
kernel
storage_setattr_removable_device(
domain
)
Module:
storage
Layer:
kernel
storage_setattr_scsi_generic(
domain
)
Module:
storage
Layer:
kernel
storage_setattr_tape_device(
domain
)
Module:
storage
Layer:
kernel
storage_write_scsi_generic(
domain
)
Module:
storage
Layer:
kernel
storage_write_tape_device(
domain
)
Module:
sysnetwork
Layer:
system
sysnet_run_ifconfig(
domain
,
role
,
terminal
)
Module:
terminal
Layer:
kernel
term_dontaudit_getattr_all_user_ttys(
domain
)
Module:
terminal
Layer:
kernel
term_dontaudit_use_all_user_ptys(
domain
)
Module:
terminal
Layer:
kernel
term_dontaudit_use_all_user_ttys(
domain
)
Module:
terminal
Layer:
kernel
term_dontaudit_use_generic_pty(
domain
)
Module:
terminal
Layer:
kernel
term_dontaudit_use_unallocated_tty(
domain
)
Module:
terminal
Layer:
kernel
term_getattr_unallocated_ttys(
domain
)
Module:
terminal
Layer:
kernel
term_relabel_unallocated_ttys(
domain
)
Module:
terminal
Layer:
kernel
term_setattr_unallocated_ttys(
domain
)
Module:
terminal
Layer:
kernel
term_user_pty(
userdomain
,
object_type
)
Module:
udev
Layer:
system
udev_domtrans(
domain
)
Module:
usermanage
Layer:
admin
usermanage_run_chfn(
domain
,
role
,
terminal
)
Module:
usermanage
Layer:
admin
usermanage_run_groupadd(
domain
,
role
,
terminal
)
Module:
usermanage
Layer:
admin
usermanage_run_passwd(
domain
,
role
,
terminal
)
Module:
usermanage
Layer:
admin
usermanage_run_useradd(
domain
,
role
,
terminal
)