Layer: system

Module: userdomain

Policy for user domains

userdom_dontaudit_use_sysadm_terms(
	
		domain
		
	)

Do not audit attempts to use admin ttys and ptys.

Parameter:	Description:	Optional:
domain	The type of the process performing this action.	No

userdom_dontaudit_use_unpriv_user_fd(
	
		domain
		
	)

Do not audit attempts to inherit the file descriptors from all user domains.

Parameter:	Description:	Optional:
domain	The type of the process performing this action.	No

userdom_read_all_user_data(
	
		domain
		
	)

Read all files in all users home directories.

Parameter:	Description:	Optional:
domain	The type of the process performing this action.	No

userdom_search_all_users_home(
	
		domain
		
	)

Search all users home directories.

Parameter:	Description:	Optional:
domain	The type of the process performing this action.	No

userdom_shell_domtrans_sysadm(
	
		domain
		
	)

Execute a shell in the sysadm domain.

Parameter:	Description:	Optional:
domain	The type of the process performing this action.	No

userdom_signal_all_users(
	
		domain
		
	)

Send general signals to all user domains.

Parameter:	Description:	Optional:
domain	The type of the process performing this action.	No

userdom_spec_domtrans_all_users(
	
		domain
		
	)

Execute a shell in all user domains. This is an explicit transition, requiring the caller to use setexeccon().

Parameter:	Description:	Optional:
domain	The type of the process performing this action.	No

userdom_use_all_user_fd(
	
		domain
		
	)

Inherit the file descriptors from all user domains

Parameter:	Description:	Optional:
domain	The type of the process performing this action.	No

userdom_use_sysadm_terms(
	
		domain
		
	)

Read and write administrative users physical and pseudo terminals.

Parameter:	Description:	Optional:
domain	The type of the process performing this action.	No

userdom_use_unpriv_users_fd(
	
		domain
		
	)

Inherit the file descriptors from all user domains.

Parameter:	Description:	Optional:
domain	The type of the process performing this action.	No