Layer: system

Module: userdomain

Interfaces Templates

Description:

Policy for user domains

Interfaces:

userdom_bin_spec_domtrans_sysadm( domain )
Summary

Execute a generic bin program in the sysadm domain.

Parameters
Parameter:Description:Optional:
domain

Domain allowed access.

No
userdom_bin_spec_domtrans_unpriv_users( domain )
Summary

Execute bin_t in the unprivileged user domains. This is an explicit transition, requiring the caller to use setexeccon().

Parameters
Parameter:Description:Optional:
domain

Domain allowed access.

No
userdom_dbus_send_all_users( domain )
Summary

Send a dbus message to all user domains.

Parameters
Parameter:Description:Optional:
domain

Domain allowed access.

No
userdom_dontaudit_append_staff_home_content_files( domain )
Summary

Do not audit attempts to append to the staff users home directory.

Parameters
Parameter:Description:Optional:
domain

Domain to not audit.

No
userdom_dontaudit_getattr_sysadm_home_dirs( domain )
Summary

Do not audit attempts to get the attributes of the sysadm users home directory.

Parameters
Parameter:Description:Optional:
domain

Domain to not audit.

No
userdom_dontaudit_getattr_sysadm_ttys( domain )
Summary

Do not audit attepts to get the attributes of sysadm ttys.

Parameters
Parameter:Description:Optional:
domain

Domain allowed access.

No
userdom_dontaudit_list_sysadm_home_dirs( domain )
Summary

Do not audit attempts to list the sysadm users home directory.

Parameters
Parameter:Description:Optional:
domain

Domain to not audit.

No
userdom_dontaudit_read_sysadm_home_content_files( domain )
Summary

Do not audit attempts to search the sysadm users home directory.

Parameters
Parameter:Description:Optional:
domain

Domain to not audit.

No
userdom_dontaudit_relabelfrom_unpriv_users_ptys( domain )
Summary

Do not audit attempts to relabel files from unprivileged user pty types.

Parameters
Parameter:Description:Optional:
domain

Domain allowed access.

No
userdom_dontaudit_search_all_users_home_content( domain )
Summary

Do not audit attempts to search all users home directories.

Parameters
Parameter:Description:Optional:
domain

Domain to not audit.

No
userdom_dontaudit_search_generic_user_home_dirs( domain )
Summary

Don't audit search on the user home subdirectory.

Parameters
Parameter:Description:Optional:
domain

Domain allowed access.

No
userdom_dontaudit_search_staff_home_dirs( domain )
Summary

Do not audit attempts to search the staff users home directory.

Parameters
Parameter:Description:Optional:
domain

Domain to not audit.

No
userdom_dontaudit_search_sysadm_home_dirs( domain )
Summary

Do not audit attempts to search the sysadm users home directory.

Parameters
Parameter:Description:Optional:
domain

Domain to not audit.

No
userdom_dontaudit_use_all_users_fds( domain )
Summary

Do not audit attempts to inherit the file descriptors from any user domains.

Parameters
Parameter:Description:Optional:
domain

Domain to not audit.

No
userdom_dontaudit_use_sysadm_ptys( domain )
Summary

Dont audit attempts to read and write sysadm ptys.

Parameters
Parameter:Description:Optional:
domain

Domain to not audit.

No
userdom_dontaudit_use_sysadm_terms( domain )
Summary

Do not audit attempts to use sysadm ttys and ptys.

Parameters
Parameter:Description:Optional:
domain

Domain to not audit.

No
userdom_dontaudit_use_sysadm_ttys( domain )
Summary

Do not audit attempts to use sysadm ttys.

Parameters
Parameter:Description:Optional:
domain

Domain to not audit.

No
userdom_dontaudit_use_unpriv_user_fds( domain )
Summary

Do not audit attempts to inherit the file descriptors from all user domains.

Parameters
Parameter:Description:Optional:
domain

Domain allowed access.

No
userdom_dontaudit_use_unpriv_users_ptys( domain )
Summary

Do not audit attempts to use unprivileged user ptys.

Parameters
Parameter:Description:Optional:
domain

Domain to not audit.

No
userdom_dontaudit_use_unpriv_users_ttys( domain )
Summary

Do not audit attempts to use unprivileged user ttys.

Parameters
Parameter:Description:Optional:
domain

Domain allowed access.

No
userdom_entry_spec_domtrans_sysadm( domain )
Summary

Execute all entrypoint files in the sysadm domain. This is an explicit transition, requiring the caller to use setexeccon().

Parameters
Parameter:Description:Optional:
domain

Domain allowed access.

No
userdom_entry_spec_domtrans_unpriv_users( domain )
Summary

Execute all entrypoint files in unprivileged user domains. This is an explicit transition, requiring the caller to use setexeccon().

Parameters
Parameter:Description:Optional:
domain

Domain allowed access.

No
userdom_generic_user_home_dir_filetrans_generic_user_home_content( domain , object_class )
Summary

Create objects in generic user home directories with automatic file type transition.

Parameters
Parameter:Description:Optional:
domain

Domain allowed access.

No
object_class

The class of the object to be created. If not specified, file is used.

No
userdom_getattr_all_users( domain )
Summary

Get the attributes of all user domains.

Parameters
Parameter:Description:Optional:
domain

Domain allowed access.

No
userdom_getattr_sysadm_home_dirs( domain )
Summary

Get the attributes of the sysadm users home directory.

Parameters
Parameter:Description:Optional:
domain

Domain allowed access.

No
userdom_home_filetrans_generic_user_home_dir( domain )
Summary

Create generic user home directories with automatic file type transition.

Parameters
Parameter:Description:Optional:
domain

Domain allowed access.

No
userdom_list_all_users_home_dirs( domain )
Summary

List all users home directories.

Parameters
Parameter:Description:Optional:
domain

Domain allowed access.

No
userdom_list_sysadm_home_dirs( domain )
Summary

List the sysadm users home directory.

Parameters
Parameter:Description:Optional:
domain

Domain allowed access.

No
userdom_list_unpriv_users_tmp( domain )
Summary

Read all unprivileged users temporary directories.

Parameters
Parameter:Description:Optional:
domain

Domain allowed access.

No
userdom_manage_all_users_home_content_dirs( domain )
Summary

Create, read, write, and delete all directories in all users home directories.

Parameters
Parameter:Description:Optional:
domain

Domain allowed access.

No
userdom_manage_all_users_home_content_files( domain )
Summary

Create, read, write, and delete all files in all users home directories.

Parameters
Parameter:Description:Optional:
domain

Domain allowed access.

No
userdom_manage_all_users_home_content_symlinks( domain )
Summary

Create, read, write, and delete all symlinks in all users home directories.

Parameters
Parameter:Description:Optional:
domain

Domain allowed access.

No
userdom_manage_generic_user_home_content_dirs( domain )
Summary

Create, read, write, and delete subdirectories of generic user home directories.

Parameters
Parameter:Description:Optional:
domain

Domain allowed access.

No
userdom_manage_generic_user_home_content_files( domain )
Summary

Create, read, write, and delete files in generic user home directories.

Parameters
Parameter:Description:Optional:
domain

Domain allowed access.

No
userdom_manage_generic_user_home_content_pipes( domain )
Summary

Create, read, write, and delete named pipes in generic user home directories.

Parameters
Parameter:Description:Optional:
domain

Domain allowed access.

No
userdom_manage_generic_user_home_content_sockets( domain )
Summary

Create, read, write, and delete named sockets in generic user home directories.

Parameters
Parameter:Description:Optional:
domain

Domain allowed access.

No
userdom_manage_generic_user_home_content_symlinks( domain )
Summary

Create, read, write, and delete symbolic links in generic user home directories.

Parameters
Parameter:Description:Optional:
domain

Domain allowed access.

No
userdom_manage_unpriv_user_semaphores( domain )
Summary

Manage unpriviledged user SysV sempaphores.

Parameters
Parameter:Description:Optional:
domain

Domain allowed access.

No
userdom_manage_unpriv_user_shared_mem( domain )
Summary

Manage unpriviledged user SysV shared memory segments.

Parameters
Parameter:Description:Optional:
domain

Domain allowed access.

No
userdom_priveleged_home_dir_manager( domain )
Summary

Make the specified domain a privileged home directory manager.

Description

Make the specified domain a privileged home directory manager. This domain will be able to manage the contents of all users general home directory content, and create files with the correct context.

Parameters
Parameter:Description:Optional:
domain

Domain allowed access.

No
userdom_read_all_tmp_untrusted_content( domain )
Summary

Read all user temporary untrusted content files.

Parameters
Parameter:Description:Optional:
domain

Domain allowed access.

No
userdom_read_all_untrusted_content( domain )
Summary

Read all user untrusted content files.

Parameters
Parameter:Description:Optional:
domain

Domain allowed access.

No
userdom_read_all_users_home_content_files( domain )
Summary

Read all files in all users home directories.

Parameters
Parameter:Description:Optional:
domain

Domain allowed access.

No
userdom_read_all_users_state( domain )
Summary

Read the process state of all user domains.

Parameters
Parameter:Description:Optional:
domain

Domain allowed access.

No
userdom_read_staff_home_content_files( domain )
Summary

Read files in the staff users home directory.

Parameters
Parameter:Description:Optional:
domain

Domain allowed access.

No
userdom_read_sysadm_home_content_files( domain )
Summary

Read files in the sysadm users home directory.

Parameters
Parameter:Description:Optional:
domain

Domain allowed access.

No
userdom_read_unpriv_users_home_content_files( domain )
Summary

Read all unprivileged users home directory files.

Parameters
Parameter:Description:Optional:
domain

Domain allowed access.

No
userdom_read_unpriv_users_tmp_files( domain )
Summary

Read all unprivileged users temporary files.

Parameters
Parameter:Description:Optional:
domain

Domain allowed access.

No
userdom_read_unpriv_users_tmp_symlinks( domain )
Summary

Read all unprivileged users temporary symbolic links.

Parameters
Parameter:Description:Optional:
domain

Domain allowed access.

No
userdom_relabelto_unpriv_users_ptys( domain )
Summary

Relabel files to unprivileged user pty types.

Parameters
Parameter:Description:Optional:
domain

Domain allowed access.

No
userdom_rw_sysadm_pipes( domain )
Summary

Read and write sysadm user unnamed pipes.

Parameters
Parameter:Description:Optional:
domain

Domain allowed access.

No
userdom_sbin_spec_domtrans_sysadm( domain )
Summary

Execute a generic sbin program in the sysadm domain.

Parameters
Parameter:Description:Optional:
domain

Domain allowed access.

No
userdom_sbin_spec_domtrans_unpriv_users( domain )
Summary

Execute generic sbin programs in all unprivileged user domains. This is an explicit transition, requiring the caller to use setexeccon().

Parameters
Parameter:Description:Optional:
domain

Domain allowed access.

No
userdom_search_all_users_home_content( domain )
Summary

Search all users home directories.

Parameters
Parameter:Description:Optional:
domain

Domain allowed access.

No
userdom_search_generic_user_home_dirs( domain )
Summary

Search generic user home directories.

Parameters
Parameter:Description:Optional:
domain

Domain allowed access.

No
userdom_search_staff_home_dirs( domain )
Summary

Search the staff users home directory.

Parameters
Parameter:Description:Optional:
domain

Domain allowed access.

No
userdom_search_sysadm_home_content_dirs( domain )
Summary

Search the sysadm users home sub directories.

Parameters
Parameter:Description:Optional:
domain

Domain to not audit.

No
userdom_search_sysadm_home_dirs( domain )
Summary

Search the sysadm users home directory.

Parameters
Parameter:Description:Optional:
domain

Domain to not audit.

No
userdom_search_unpriv_users_home_dirs( domain )
Summary

Search all unprivileged users home directories.

Parameters
Parameter:Description:Optional:
domain

Domain allowed access.

No
userdom_setattr_unpriv_users_ptys( domain )
Summary

Set the attributes of user ptys.

Parameters
Parameter:Description:Optional:
domain

Domain allowed access.

No
userdom_shell_domtrans_sysadm( domain )
Summary

Execute a shell in the sysadm domain.

Parameters
Parameter:Description:Optional:
domain

Domain allowed access.

No
userdom_sigchld_all_users( domain )
Summary

Send a SIGCHLD signal to all user domains.

Parameters
Parameter:Description:Optional:
domain

Domain allowed access.

No
userdom_sigchld_sysadm( domain )
Summary

Send a SIGCHLD signal to sysadm users.

Parameters
Parameter:Description:Optional:
domain

Domain allowed access.

No
userdom_signal_all_users( domain )
Summary

Send general signals to all user domains.

Parameters
Parameter:Description:Optional:
domain

Domain allowed access.

No
userdom_signal_unpriv_users( domain )
Summary

Send general signals to unprivileged user domains.

Parameters
Parameter:Description:Optional:
domain

Domain allowed access.

No
userdom_spec_domtrans_all_users( domain )
Summary

Execute a shell in all user domains. This is an explicit transition, requiring the caller to use setexeccon().

Parameters
Parameter:Description:Optional:
domain

Domain allowed access.

No
userdom_spec_domtrans_unpriv_users( domain )
Summary

Execute a shell in all unprivileged user domains. This is an explicit transition, requiring the caller to use setexeccon().

Parameters
Parameter:Description:Optional:
domain

Domain allowed access.

No
userdom_sysadm_home_dir_filetrans( domain , private type , object_class )
Summary

Create objects in sysadm home directories with automatic file type transition.

Parameters
Parameter:Description:Optional:
domain

Domain allowed access.

No
private type

The type of the object to be created.

No
object_class

The class of the object to be created. If not specified, file is used.

No
userdom_unconfined( domain )
Summary

Unconfined access to user domains.

Parameters
Parameter:Description:Optional:
domain

Domain allowed access.

No
userdom_use_all_users_fds( domain )
Summary

Inherit the file descriptors from all user domains

Parameters
Parameter:Description:Optional:
domain

Domain allowed access.

No
userdom_use_sysadm_fds( domain )
Summary

Inherit and use sysadm file descriptors

Parameters
Parameter:Description:Optional:
domain

Domain allowed access.

No
userdom_use_sysadm_ptys( domain )
Summary

Read and write sysadm ptys.

Parameters
Parameter:Description:Optional:
domain

Domain allowed access.

No
userdom_use_sysadm_terms( domain )
Summary

Read and write sysadm ttys and ptys.

Parameters
Parameter:Description:Optional:
domain

Domain allowed access.

No
userdom_use_sysadm_ttys( domain )
Summary

Read and write sysadm ttys.

Parameters
Parameter:Description:Optional:
domain

Domain allowed access.

No
userdom_use_unpriv_users_fds( domain )
Summary

Inherit the file descriptors from unprivileged user domains.

Parameters
Parameter:Description:Optional:
domain

Domain allowed access.

No
userdom_use_unpriv_users_ptys( domain )
Summary

Read and write unprivileged user ptys.

Parameters
Parameter:Description:Optional:
domain

Domain allowed access.

No
userdom_write_unpriv_users_tmp_files( domain )
Summary

Write all unprivileged users files in /tmp

Parameters
Parameter:Description:Optional:
domain

Domain allowed access.

No
userdom_xsession_spec_domtrans_all_users( domain )
Summary

Execute an Xserver session in all unprivileged user domains. This is an explicit transition, requiring the caller to use setexeccon().

Parameters
Parameter:Description:Optional:
domain

Domain allowed access.

No
userdom_xsession_spec_domtrans_unpriv_users( domain )
Summary

Execute an Xserver session in all unprivileged user domains. This is an explicit transition, requiring the caller to use setexeccon().

Parameters
Parameter:Description:Optional:
domain

Domain allowed access.

No
Return

Templates:

admin_user_template( userdomain_prefix )
Summary

The template for creating an administrative user.

Description

This template creates a user domain, types, and rules for the user's tty, pty, home directories, tmp, and tmpfs files.

The privileges given to administrative users are:

  • Raw disk access

  • Set all sysctls

  • All kernel ring buffer controls

  • Set SELinux enforcement mode (enforcing/permissive)

  • Set SELinux booleans

  • Relabel all files but shadow

  • Create, read, write, and delete all files but shadow

  • Manage source and binary format SELinux policy

  • Run insmod

Parameters
Parameter:Description:Optional:
userdomain_prefix

The prefix of the user domain (e.g., sysadm is the prefix for sysadm_t).

No
base_user_template( userdomain_prefix )
Summary

The template containing rules common to unprivileged users and administrative users.

Description

This template creates a user domain, types, and rules for the user's tty, pty, home directories, tmp, and tmpfs files.

This generally should not be used, rather the unpriv_user_template or admin_user_template should be used.

Parameters
Parameter:Description:Optional:
userdomain_prefix

The prefix of the user domain (e.g., user is the prefix for user_t).

No
unpriv_user_template( userdomain_prefix )
Summary

The template for creating a unprivileged user.

Description

This template creates a user domain, types, and rules for the user's tty, pty, home directories, tmp, and tmpfs files.

Parameters
Parameter:Description:Optional:
userdomain_prefix

The prefix of the user domain (e.g., user is the prefix for user_t).

No
userdom_create_user_pty( userdomain_prefix , domain )
Summary

Create a user pty.

Description

Create a user pty.

This is a templated interface, and should only be called from a per-userdomain template.

Parameters
Parameter:Description:Optional:
userdomain_prefix

The prefix of the user domain (e.g., user is the prefix for user_t).

No
domain

Domain allowed access.

No
userdom_dontaudit_append_user_tmp_files( userdomain_prefix , domain )
Summary

Do not audit attempts to append users temporary files.

Description

Do not audit attempts to append users temporary files.

This is a templated interface, and should only be called from a per-userdomain template.

Parameters
Parameter:Description:Optional:
userdomain_prefix

The prefix of the user domain (e.g., user is the prefix for user_t).

No
domain

Domain to not audit.

No
userdom_dontaudit_exec_user_home_content_files( userdomain_prefix , domain )
Summary

Do not audit attempts to execute user home files.

Description

Do not audit attempts to execute user home files.

This is a templated interface, and should only be called from a per-userdomain template.

Parameters
Parameter:Description:Optional:
userdomain_prefix

The prefix of the user domain (e.g., user is the prefix for user_t).

No
domain

Domain allowed access.

No
userdom_dontaudit_list_user_home_dirs( userdomain_prefix , domain )
Summary

Do not audit attempts to list user home subdirectories.

Description

Do not audit attempts to list user home subdirectories.

This is a templated interface, and should only be called from a per-userdomain template.

Parameters
Parameter:Description:Optional:
userdomain_prefix

The prefix of the user domain (e.g., user is the prefix for user_t).

No
domain

Domain to not audit

No
userdom_dontaudit_list_user_tmp( userdomain_prefix , domain )
Summary

Do not audit attempts to list user temporary directories.

Description

Do not audit attempts to list user temporary directories.

This is a templated interface, and should only be called from a per-userdomain template.

Parameters
Parameter:Description:Optional:
userdomain_prefix

The prefix of the user domain (e.g., user is the prefix for user_t).

No
domain

Domain to not audit.

No
userdom_dontaudit_list_user_tmp_untrusted_content( userdomain_prefix , domain )
Summary

Do not audit attempts to list user temporary untrusted directories.

Description

Do not audit attempts to list user temporary directories.

This is a templated interface, and should only be called from a per-userdomain template.

Parameters
Parameter:Description:Optional:
userdomain_prefix

The prefix of the user domain (e.g., user is the prefix for user_t).

No
domain

Domain to not audit.

No
userdom_dontaudit_list_user_untrusted_content( userdomain_prefix , domain )
Summary

Do not audit attempts to list user untrusted directories.

Description

Do not audit attempts to read user untrusted directories.

This is a templated interface, and should only be called from a per-userdomain template.

Parameters
Parameter:Description:Optional:
userdomain_prefix

The prefix of the user domain (e.g., user is the prefix for user_t).

No
domain

Domain to not audit.

No
userdom_dontaudit_read_user_home_content_files( userdomain_prefix , domain )
Summary

Do not audit attempts to read user home files.

Description

Do not audit attempts to read user home files.

This is a templated interface, and should only be called from a per-userdomain template.

Parameters
Parameter:Description:Optional:
userdomain_prefix

The prefix of the user domain (e.g., user is the prefix for user_t).

No
domain

Domain to not audit.

No
userdom_dontaudit_read_user_tmp_files( userdomain_prefix , domain )
Summary

Do not audit attempts to read users temporary files.

Description

Do not audit attempts to read users temporary files.

This is a templated interface, and should only be called from a per-userdomain template.

Parameters
Parameter:Description:Optional:
userdomain_prefix

The prefix of the user domain (e.g., user is the prefix for user_t).

No
domain

Domain to not audit.

No
userdom_dontaudit_read_user_tmp_untrusted_content_files( userdomain_prefix , domain )
Summary

Do not audit attempts to read users temporary untrusted files.

Description

Do not audit attempts to read users temporary untrusted files.

This is a templated interface, and should only be called from a per-userdomain template.

Parameters
Parameter:Description:Optional:
userdomain_prefix

The prefix of the user domain (e.g., user is the prefix for user_t).

No
domain

Domain to not audit.

No
userdom_dontaudit_read_user_untrusted_content_files( userdomain_prefix , domain )
Summary

Do not audit attempts to read users untrusted files.

Description

Do not audit attempts to read users untrusted files.

This is a templated interface, and should only be called from a per-userdomain template.

Parameters
Parameter:Description:Optional:
userdomain_prefix

The prefix of the user domain (e.g., user is the prefix for user_t).

No
domain

Domain to not audit.

No
userdom_dontaudit_setattr_user_home_content_files( userdomain_prefix , domain )
Summary

Do not audit attempts to set the attributes of user home files.

Description

Do not audit attempts to set the attributes of user home files.

This is a templated interface, and should only be called from a per-userdomain template.

Parameters
Parameter:Description:Optional:
userdomain_prefix

The prefix of the user domain (e.g., user is the prefix for user_t).

No
domain

Domain allowed access.

No
userdom_dontaudit_use_user_terminals( userdomain_prefix , domain )
Summary

Do not audit attempts to read and write a user domain tty and pty.

Description

Do not audit attempts to read and write a user domain tty and pty.

This is a templated interface, and should only be called from a per-userdomain template.

Parameters
Parameter:Description:Optional:
userdomain_prefix

The prefix of the user domain (e.g., user is the prefix for user_t).

No
domain

Domain allowed access.

No
userdom_dontaudit_write_user_home_content_files( userdomain_prefix , domain )
Summary

Do not audit attempts to write user home files.

Description

Do not audit attempts to write user home files.

This is a templated interface, and should only be called from a per-userdomain template.

Parameters
Parameter:Description:Optional:
userdomain_prefix

The prefix of the user domain (e.g., user is the prefix for user_t).

No
domain

Domain to not audit.

No
userdom_exec_user_home_content_files( userdomain_prefix , domain )
Summary

Execute user home files.

Description

Execute user home files.

This is a templated interface, and should only be called from a per-userdomain template.

Parameters
Parameter:Description:Optional:
userdomain_prefix

The prefix of the user domain (e.g., user is the prefix for user_t).

No
domain

Domain allowed access.

No
userdom_list_user_home_dirs( userdomain_prefix , domain )
Summary

List user home directories.

Description

List user home directories.

This is a templated interface, and should only be called from a per-userdomain template.

Parameters
Parameter:Description:Optional:
userdomain_prefix

The prefix of the user domain (e.g., user is the prefix for user_t).

No
domain

Domain allowed access.

No
userdom_list_user_tmp( userdomain_prefix , domain )
Summary

List user temporary directories.

Description

List user temporary directories.

This is a templated interface, and should only be called from a per-userdomain template.

Parameters
Parameter:Description:Optional:
userdomain_prefix

The prefix of the user domain (e.g., user is the prefix for user_t).

No
domain

Domain allowed access.

No
userdom_list_user_tmp_untrusted_content( userdomain_prefix , domain )
Summary

List users temporary untrusted directories.

Description

List users temporary untrusted directories.

This is a templated interface, and should only be called from a per-userdomain template.

Parameters
Parameter:Description:Optional:
userdomain_prefix

The prefix of the user domain (e.g., user is the prefix for user_t).

No
domain

Domain allowed access.

No
userdom_list_user_untrusted_content( userdomain_prefix , domain )
Summary

List users untrusted directories.

Description

List users untrusted directories.

This is a templated interface, and should only be called from a per-userdomain template.

Parameters
Parameter:Description:Optional:
userdomain_prefix

The prefix of the user domain (e.g., user is the prefix for user_t).

No
domain

Domain allowed access.

No
userdom_manage_user_home_content_dirs( userdomain_prefix , domain )
Summary

Create, read, write, and delete directories in a user home subdirectory.

Description

Create, read, write, and delete directories in a user home subdirectory.

This is a templated interface, and should only be called from a per-userdomain template.

Parameters
Parameter:Description:Optional:
userdomain_prefix

The prefix of the user domain (e.g., user is the prefix for user_t).

No
domain

Domain allowed access.

No
userdom_manage_user_home_content_files( userdomain_prefix , domain )
Summary

Create, read, write, and delete files in a user home subdirectory.

Description

Create, read, write, and delete files in a user home subdirectory.

This is a templated interface, and should only be called from a per-userdomain template.

Parameters
Parameter:Description:Optional:
userdomain_prefix

The prefix of the user domain (e.g., user is the prefix for user_t).

No
domain

Domain allowed access.

No
userdom_manage_user_home_content_pipes( userdomain_prefix , domain )
Summary

Create, read, write, and delete named pipes in a user home subdirectory.

Description

Create, read, write, and delete named pipes in a user home subdirectory.

This is a templated interface, and should only be called from a per-userdomain template.

Parameters
Parameter:Description:Optional:
userdomain_prefix

The prefix of the user domain (e.g., user is the prefix for user_t).

No
domain

Domain allowed access.

No
userdom_manage_user_home_content_sockets( userdomain_prefix , domain )
Summary

Create, read, write, and delete named sockets in a user home subdirectory.

Description

Create, read, write, and delete named sockets in a user home subdirectory.

This is a templated interface, and should only be called from a per-userdomain template.

Parameters
Parameter:Description:Optional:
userdomain_prefix

The prefix of the user domain (e.g., user is the prefix for user_t).

No
domain

Domain allowed access.

No
userdom_manage_user_home_content_symlinks( userdomain_prefix , domain )
Summary

Create, read, write, and delete symbolic links in a user home subdirectory.

Description

Create, read, write, and delete symbolic links in a user home subdirectory.

This is a templated interface, and should only be called from a per-userdomain template.

Parameters
Parameter:Description:Optional:
userdomain_prefix

The prefix of the user domain (e.g., user is the prefix for user_t).

No
domain

Domain allowed access.

No
userdom_manage_user_tmp_dirs( userdomain_prefix , domain )
Summary

Create, read, write, and delete user temporary directories.

Description

Create, read, write, and delete user temporary directories.

This is a templated interface, and should only be called from a per-userdomain template.

Parameters
Parameter:Description:Optional:
userdomain_prefix

The prefix of the user domain (e.g., user is the prefix for user_t).

No
domain

Domain allowed access.

No
userdom_manage_user_tmp_files( userdomain_prefix , domain )
Summary

Create, read, write, and delete user temporary files.

Description

Create, read, write, and delete user temporary files.

This is a templated interface, and should only be called from a per-userdomain template.

Parameters
Parameter:Description:Optional:
userdomain_prefix

The prefix of the user domain (e.g., user is the prefix for user_t).

No
domain

Domain allowed access.

No
userdom_manage_user_tmp_pipes( userdomain_prefix , domain )
Summary

Create, read, write, and delete user temporary named pipes.

Description

Create, read, write, and delete user temporary named pipes.

This is a templated interface, and should only be called from a per-userdomain template.

Parameters
Parameter:Description:Optional:
userdomain_prefix

The prefix of the user domain (e.g., user is the prefix for user_t).

No
domain

Domain allowed access.

No
userdom_manage_user_tmp_sockets( userdomain_prefix , domain )
Summary

Create, read, write, and delete user temporary named sockets.

Description

Create, read, write, and delete user temporary named sockets.

This is a templated interface, and should only be called from a per-userdomain template.

Parameters
Parameter:Description:Optional:
userdomain_prefix

The prefix of the user domain (e.g., user is the prefix for user_t).

No
domain

Domain allowed access.

No
userdom_manage_user_tmp_symlinks( userdomain_prefix , domain )
Summary

Create, read, write, and delete user temporary symbolic links.

Description

Create, read, write, and delete user temporary symbolic links.

This is a templated interface, and should only be called from a per-userdomain template.

Parameters
Parameter:Description:Optional:
userdomain_prefix

The prefix of the user domain (e.g., user is the prefix for user_t).

No
domain

Domain allowed access.

No
userdom_read_user_home_content_files( userdomain_prefix , domain )
Summary

Read user home files.

Description

Read user home files.

This is a templated interface, and should only be called from a per-userdomain template.

Parameters
Parameter:Description:Optional:
userdomain_prefix

The prefix of the user domain (e.g., user is the prefix for user_t).

No
domain

Domain allowed access.

No
userdom_read_user_home_content_symlinks( userdomain_prefix , domain )
Summary

Read user home subdirectory symbolic links.

Description

Read user home subdirectory symbolic links.

This is a templated interface, and should only be called from a per-userdomain template.

Parameters
Parameter:Description:Optional:
userdomain_prefix

The prefix of the user domain (e.g., user is the prefix for user_t).

No
domain

Domain allowed access.

No
userdom_read_user_tmp_files( userdomain_prefix , domain )
Summary

Read user temporary files.

Description

Read user temporary files.

This is a templated interface, and should only be called from a per-userdomain template.

Parameters
Parameter:Description:Optional:
userdomain_prefix

The prefix of the user domain (e.g., user is the prefix for user_t).

No
domain

Domain allowed access.

No
userdom_read_user_tmp_symlinks( userdomain_prefix , domain )
Summary

Read user temporary symbolic links.

Description

Read user temporary symbolic links.

This is a templated interface, and should only be called from a per-userdomain template.

Parameters
Parameter:Description:Optional:
userdomain_prefix

The prefix of the user domain (e.g., user is the prefix for user_t).

No
domain

Domain allowed access.

No
userdom_read_user_tmp_untrusted_content_files( userdomain_prefix , domain )
Summary

Read user temporary untrusted files.

Description

Read user temporary untrusted files.

This is a templated interface, and should only be called from a per-userdomain template.

Parameters
Parameter:Description:Optional:
userdomain_prefix

The prefix of the user domain (e.g., user is the prefix for user_t).

No
domain

Domain allowed access.

No
userdom_read_user_tmp_untrusted_content_symlinks( userdomain_prefix , domain )
Summary

Read user temporary untrusted symbolic links.

Description

Read user temporary untrusted symbolic links.

This is a templated interface, and should only be called from a per-userdomain template.

Parameters
Parameter:Description:Optional:
userdomain_prefix

The prefix of the user domain (e.g., user is the prefix for user_t).

No
domain

Domain allowed access.

No
userdom_read_user_untrusted_content_files( userdomain_prefix , domain )
Summary

Read user untrusted files.

Description

Read user untrusted files.

This is a templated interface, and should only be called from a per-userdomain template.

Parameters
Parameter:Description:Optional:
userdomain_prefix

The prefix of the user domain (e.g., user is the prefix for user_t).

No
domain

Domain allowed access.

No
userdom_read_user_untrusted_content_symlinks( userdomain_prefix , domain )
Summary

Read user untrusted symbolic links.

Description

Read user untrusted symbolic links.

This is a templated interface, and should only be called from a per-userdomain template.

Parameters
Parameter:Description:Optional:
userdomain_prefix

The prefix of the user domain (e.g., user is the prefix for user_t).

No
domain

Domain allowed access.

No
userdom_rw_user_tmp_files( userdomain_prefix , domain )
Summary

Read and write user temporary files.

Description

Read and write user temporary files.

This is a templated interface, and should only be called from a per-userdomain template.

Parameters
Parameter:Description:Optional:
userdomain_prefix

The prefix of the user domain (e.g., user is the prefix for user_t).

No
domain

Domain allowed access.

No
userdom_rw_user_tmpfs_files( userdomain_prefix , domain )
Summary

Read user tmpfs files.

Description

Read user tmpfs files.

This is a templated interface, and should only be called from a per-userdomain template.

Parameters
Parameter:Description:Optional:
userdomain_prefix

The prefix of the user domain (e.g., user is the prefix for user_t).

No
domain

Domain allowed access.

No
userdom_search_user_home_dirs( userdomain_prefix , domain )
Summary

Search user home directories.

Description

Search user home directories.

This is a templated interface, and should only be called from a per-userdomain template.

Parameters
Parameter:Description:Optional:
userdomain_prefix

The prefix of the user domain (e.g., user is the prefix for user_t).

No
domain

Domain allowed access.

No
userdom_setattr_user_ptys( userdomain_prefix , domain )
Summary

Set the attributes of a user pty.

Description

Set the attributes of a user pty.

This is a templated interface, and should only be called from a per-userdomain template.

Parameters
Parameter:Description:Optional:
userdomain_prefix

The prefix of the user domain (e.g., user is the prefix for user_t).

No
domain

Domain allowed access.

No
userdom_setattr_user_ttys( userdomain_prefix , domain )
Summary

Set the attributes of a user domain tty.

Description

Set the attributes of a user domain tty.

This is a templated interface, and should only be called from a per-userdomain template.

Parameters
Parameter:Description:Optional:
userdomain_prefix

The prefix of the user domain (e.g., user is the prefix for user_t).

No
domain

Domain allowed access.

No
userdom_use_user_terminals( userdomain_prefix , domain )
Summary

Read and write a user domain tty and pty.

Description

Read and write a user domain tty and pty.

This is a templated interface, and should only be called from a per-userdomain template.

Parameters
Parameter:Description:Optional:
userdomain_prefix

The prefix of the user domain (e.g., user is the prefix for user_t).

No
domain

Domain allowed access.

No
userdom_use_user_ttys( userdomain_prefix , domain )
Summary

Read and write a user domain tty.

Description

Read and write a user domain tty.

This is a templated interface, and should only be called from a per-userdomain template.

Parameters
Parameter:Description:Optional:
userdomain_prefix

The prefix of the user domain (e.g., user is the prefix for user_t).

No
domain

Domain allowed access.

No
userdom_user_home_content( userdomain_prefix , type )
Summary

Make the specified type usable in a user home directory.

Description

Make the specified type usable in a user home directory.

This is a templated interface, and should only be called from a per-userdomain template.

Parameters
Parameter:Description:Optional:
userdomain_prefix

The prefix of the user domain (e.g., user is the prefix for user_t).

No
type

Type to be used as a file in the user home directory.

No
userdom_user_home_dir_filetrans( userdomain_prefix , domain , private_type , object_class )
Summary

Create objects in a user home directory with an automatic type transition to a specified private type.

Description

Create objects in a user home directory with an automatic type transition to a specified private type.

This is a templated interface, and should only be called from a per-userdomain template.

Parameters
Parameter:Description:Optional:
userdomain_prefix

The prefix of the user domain (e.g., user is the prefix for user_t).

No
domain

Domain allowed access.

No
private_type

The type of the object to create.

No
object_class

The class of the object to be created. If not specified, file is used.

No
userdom_user_home_dir_filetrans_user_home_content( userdomain_prefix , domain , object_class )
Summary

Create objects in a user home directory with an automatic type transition to the user home file type.

Description

Create objects in a user home directory with an automatic type transition to the user home file type.

This is a templated interface, and should only be called from a per-userdomain template.

Parameters
Parameter:Description:Optional:
userdomain_prefix

The prefix of the user domain (e.g., user is the prefix for user_t).

No
domain

Domain allowed access.

No
object_class

The class of the object to be created. If not specified, file is used.

No
userdom_user_home_domtrans( userdomain_prefix , source_domain , target_domain )
Summary

Do a domain transition to the specified domain when executing a program in the user home directory.

Description

Do a domain transition to the specified domain when executing a program in the user home directory.

No interprocess communication (signals, pipes, etc.) is provided by this interface since the domains are not owned by this module.

This is a templated interface, and should only be called from a per-userdomain template.

Parameters
Parameter:Description:Optional:
userdomain_prefix

The prefix of the user domain (e.g., user is the prefix for user_t).

No
source_domain

Domain allowed access.

No
target_domain

Domain to transition to.

No
userdom_write_user_tmp_sockets( userdomain_prefix , domain )
Summary

Write to user temporary named sockets.

Description

Write to user temporary named sockets.

This is a templated interface, and should only be called from a per-userdomain template.

Parameters
Parameter:Description:Optional:
userdomain_prefix

The prefix of the user domain (e.g., user is the prefix for user_t).

No
domain

Domain allowed access.

No
Return