This module contains basic filesystem types and interfaces. This includes:

- The concept of different file types including basic files, mount points, tmp files, etc.
- Access to groups of files and all files.
- Types and interfaces for the basic filesystem layout (/, /etc, /tmp, /usr, etc.).
This module is required to be included in all policies.
Allow the specified type to associate to a filesystem with the type of the temporary directory (/tmp).
Parameter: | Description: | Optional: |
---|---|---|
file_type | Type of the file to associate. | No |
Summary is missing!
Parameter: | Description: | Optional: |
---|---|---|
? | Parameter descriptions are missing! | No |
Summary is missing!
Parameter: | Description: | Optional: |
---|---|---|
? | Parameter descriptions are missing! | No |
Create home directories
Parameter: | Description: | Optional: |
---|---|---|
domain | The type of the process performing this action. | No |
home_type | The type of the home directory. | No |
Summary is missing!
Parameter: | Description: | Optional: |
---|---|---|
? | Parameter descriptions are missing! | No |
Summary is missing!
Parameter: | Description: | Optional: |
---|---|---|
? | Parameter descriptions are missing! | No |
Create an object in the root directory, with a private type. If no object class is specified, the default is file.
Parameter: | Description: | Optional: |
---|---|---|
domain | The type of the process performing this action. | No |
private type | The type of the object to be created. If no type is specified, the type of the root directory will be used. | Yes |
object | The object class of the object being created. If no class is specified, file will be used. | Yes |
Summary is missing!
Parameter: | Description: | Optional: |
---|---|---|
? | Parameter descriptions are missing! | No |
Create objects in the /usr directory
Parameter: | Description: | Optional: |
---|---|---|
domain | Domain allowed access. | No |
file_type | The type of the object to be created. | No |
object_class | The object class. If not specified, file is used. | Yes |
Create objects in the /var directory
Parameter: | Description: | Optional: |
---|---|---|
domain | Domain allowed access. | No |
file_type | The type of the object to be created. | No |
object_class | The object class. If not specified, file is used. | Yes |
Create objects in the /var/lib directory
Parameter: | Description: | Optional: |
---|---|---|
domain | Domain allowed access. | No |
file_type | The type of the object to be created. | No |
object_class | The object class. If not specified, file is used. | Yes |
Summary is missing!
Parameter: | Description: | Optional: |
---|---|---|
? | Parameter descriptions are missing! | No |
Summary is missing!
Parameter: | Description: | Optional: |
---|---|---|
? | Parameter descriptions are missing! | No |
Summary is missing!
Parameter: | Description: | Optional: |
---|---|---|
? | Parameter descriptions are missing! | No |
Delete system configuration files in /etc.
Parameter: | Description: | Optional: |
---|---|---|
domain | The type of the process performing this action. | No |
Summary is missing!
Parameter: | Description: | Optional: |
---|---|---|
? | Parameter descriptions are missing! | No |
Do not audit attempts to get the attributes of all directories.
Parameter: | Description: | Optional: |
---|---|---|
domain | Domain to not audit. | No |
Do not audit attempts to get the attributes of all files.
Parameter: | Description: | Optional: |
---|---|---|
domain | Domain to not audit. | No |
Do not audit attempts to get the attributes of all named pipes.
Parameter: | Description: | Optional: |
---|---|---|
domain | Domain to not audit. | No |
Do not audit attempts to get the attributes of all named sockets.
Parameter: | Description: | Optional: |
---|---|---|
domain | Domain to not audit. | No |
Do not audit attempts to get the attributes of all symbolic links.
Parameter: | Description: | Optional: |
---|---|---|
domain | Domain to not audit. | No |
Do not audit attempts to get the attributes of directories with the default file type.
Parameter: | Description: | Optional: |
---|---|---|
domain | Domain to not audit. | No |
Do not audit attempts to get the attributes of files with the default file type.
Parameter: | Description: | Optional: |
---|---|---|
domain | Domain to not audit. | No |
Do not audit attempts to get the attributes of the home directories root (/home).
Parameter: | Description: | Optional: |
---|---|---|
domain | Domain to not audit. | No |
Do not audit attempts to get the attributes of non security block devices.
Parameter: | Description: | Optional: |
---|---|---|
domain | Domain to not audit. | No |
Do not audit attempts to get the attributes of non security character devices.
Parameter: | Description: | Optional: |
---|---|---|
domain | Domain to not audit. | No |
Do not audit attempts to get the attributes of non security files.
Parameter: | Description: | Optional: |
---|---|---|
domain | Domain to not audit. | No |
Do not audit attempts to get the attributes of non security named pipes.
Parameter: | Description: | Optional: |
---|---|---|
domain | Domain to not audit. | No |
Do not audit attempts to get the attributes of non security named sockets.
Parameter: | Description: | Optional: |
---|---|---|
domain | Domain to not audit. | No |
Do not audit attempts to get the attributes of non security symbolic links.
Parameter: | Description: | Optional: |
---|---|---|
domain | Domain to not audit. | No |
Do not audit attempts to get the attributes of the /var/run directory.
Parameter: | Description: | Optional: |
---|---|---|
domain | Domain to not audit. | No |
Do not audit attempts to get the attributes of the tmp directory (/tmp).
Parameter: | Description: | Optional: |
---|---|---|
domain | The type of the process performing this action. | No |
Do not audit attempts to ioctl daemon runtime data files.
Parameter: | Description: | Optional: |
---|---|---|
domain | The type of the process performing this action. | No |
Do not audit attempts to list contents of directories with the default file type.
Parameter: | Description: | Optional: |
---|---|---|
domain | Domain to not audit. | No |
Do not audit attempts to list all non security directories.
Parameter: | Description: | Optional: |
---|---|---|
domain | Domain to not audit. | No |
Do not audit attempts to read files with the default file type.
Parameter: | Description: | Optional: |
---|---|---|
domain | Domain to not audit. | No |
Do not audit attempts to read files in /etc that are dynamically created on boot, such as mtab.
Parameter: | Description: | Optional: |
---|---|---|
domain | Domain to not audit. | No |
Summary is missing!
Parameter: | Description: | Optional: |
---|---|---|
? | Parameter descriptions are missing! | No |
Summary is missing!
Parameter: | Description: | Optional: |
---|---|---|
? | Parameter descriptions are missing! | No |
Summary is missing!
Parameter: | Description: | Optional: |
---|---|---|
? | Parameter descriptions are missing! | No |
Summary is missing!
Parameter: | Description: | Optional: |
---|---|---|
? | Parameter descriptions are missing! | No |
Do not audit attempts to search home directories root (/home).
Parameter: | Description: | Optional: |
---|---|---|
domain | Domain to not audit. | No |
Do not audit attempts to search directories on new filesystems that have not yet been labeled.
Parameter: | Description: | Optional: |
---|---|---|
domain | The type of the process performing this action. | No |
Do not audit attempts to search the locks directory (/var/lock).
Parameter: | Description: | Optional: |
---|---|---|
domain | Domain to not audit. | No |
Do not audit attempts to search the /var/run directory.
Parameter: | Description: | Optional: |
---|---|---|
domain | Domain to not audit. | No |
Summary is missing!
Parameter: | Description: | Optional: |
---|---|---|
? | Parameter descriptions are missing! | No |
Do not audit attempts to search the contents of /var.
Parameter: | Description: | Optional: |
---|---|---|
domain | Domain to not audit. | No |
Do not audit attempts to write to daemon runtime data files.
Parameter: | Description: | Optional: |
---|---|---|
domain | The type of the process performing this action. | No |
Summary is missing!
Parameter: | Description: | Optional: |
---|---|---|
? | Parameter descriptions are missing! | No |
Execute generic programs in /usr in the caller domain.
Parameter: | Description: | Optional: |
---|---|---|
domain | The type of the process performing this action. | No |
Execute programs in /usr/src in the caller domain.
Parameter: | Description: | Optional: |
---|---|---|
domain | The type of the process performing this action. | No |
Get the attributes of all directories.
Parameter: | Description: | Optional: |
---|---|---|
domain | Domain allowed access. | No |
Get the attributes of all files.
Parameter: | Description: | Optional: |
---|---|---|
domain | Domain allowed access. | No |
Get the attributes of all named pipes.
Parameter: | Description: | Optional: |
---|---|---|
domain | Domain allowed access. | No |
Get the attributes of all named sockets.
Parameter: | Description: | Optional: |
---|---|---|
domain | Domain allowed access. | No |
Get the attributes of all symbolic links.
Parameter: | Description: | Optional: |
---|---|---|
domain | Domain allowed access. | No |
Summary is missing!
Parameter: | Description: | Optional: |
---|---|---|
? | Parameter descriptions are missing! | No |
Get the attributes of the home directories root (/home).
Parameter: | Description: | Optional: |
---|---|---|
domain | The type of the process performing this action. | No |
Get the attributes of files in /usr.
Parameter: | Description: | Optional: |
---|---|---|
domain | Domain allowed access. | No |
Get the attributes of the /var/lib directory.
Parameter: | Description: | Optional: |
---|---|---|
domain | The type of the process performing this action. | No |
List the contents of all directories.
Parameter: | Description: | Optional: |
---|---|---|
domain | Domain allowed access. | No |
Summary is missing!
Parameter: | Description: | Optional: |
---|---|---|
? | Parameter descriptions are missing! | No |
List contents of directories with the default file type.
Parameter: | Description: | Optional: |
---|---|---|
domain | Domain allowed access. | No |
Summary is missing!
Parameter: | Description: | Optional: |
---|---|---|
? | Parameter descriptions are missing! | No |
Get listing of home directories.
Parameter: | Description: | Optional: |
---|---|---|
domain | The type of the process performing this action. | No |
List the contents of directories on new filesystems that have not yet been labeled.
Parameter: | Description: | Optional: |
---|---|---|
domain | The type of the process performing this action. | No |
Summary is missing!
Parameter: | Description: | Optional: |
---|---|---|
? | Parameter descriptions are missing! | No |
Summary is missing!
Parameter: | Description: | Optional: |
---|---|---|
? | Parameter descriptions are missing! | No |
Summary is missing!
Parameter: | Description: | Optional: |
---|---|---|
? | Parameter descriptions are missing! | No |
Summary is missing!
Parameter: | Description: | Optional: |
---|---|---|
? | Parameter descriptions are missing! | No |
List the contents of generic directories in /usr.
Parameter: | Description: | Optional: |
---|---|---|
domain | Domain allowed access. | No |
List the contents of /var.
Parameter: | Description: | Optional: |
---|---|---|
domain | Domain allowed access. | No |
List the contents of the /var/lib directory.
Parameter: | Description: | Optional: |
---|---|---|
domain | Domain allowed access. | No |
List world-readable directories.
Parameter: | Description: | Optional: |
---|---|---|
domain | Domain allowed access. | No |
Summary is missing!
Parameter: | Description: | Optional: |
---|---|---|
? | Parameter descriptions are missing! | No |
Manage all files on the filesystem, except the listed exceptions.
Parameter: | Description: | Optional: |
---|---|---|
domain | The type of the domain performing this action. | No |
exception_types | The types to be excluded. Each type or attribute must be negated by the caller. | Yes |
Summary is missing!
Parameter: | Description: | Optional: |
---|---|---|
? | Parameter descriptions are missing! | No |
Create, read, write, and delete files in /etc that are dynamically created on boot, such as mtab.
Parameter: | Description: | Optional: |
---|---|---|
domain | Domain allowed access. | No |
Summary is missing!
Parameter: | Description: | Optional: |
---|---|---|
? | Parameter descriptions are missing! | No |
Summary is missing!
Parameter: | Description: | Optional: |
---|---|---|
? | Parameter descriptions are missing! | No |
Summary is missing!
Parameter: | Description: | Optional: |
---|---|---|
? | Parameter descriptions are missing! | No |
Create, read, write, and delete block device nodes on new filesystems that have not yet been labeled.
Parameter: | Description: | Optional: |
---|---|---|
domain | The type of the process performing this action. | No |
Create, read, write, and delete character device nodes on new filesystems that have not yet been labeled.
Parameter: | Description: | Optional: |
---|---|---|
domain | The type of the process performing this action. | No |
Create, read, write, and delete directories on new filesystems that have not yet been labeled.
Parameter: | Description: | Optional: |
---|---|---|
domain | The type of the process performing this action. | No |
Create, read, write, and delete files on new filesystems that have not yet been labeled.
Parameter: | Description: | Optional: |
---|---|---|
domain | The type of the process performing this action. | No |
Create, read, write, and delete symbolic links on new filesystems that have not yet been labeled.
Parameter: | Description: | Optional: |
---|---|---|
domain | The type of the process performing this action. | No |
Create, read, write, and delete objects in lost+found directories.
Parameter: | Description: | Optional: |
---|---|---|
domain | The type of the process performing this action. | No |
Create, read, write, and delete directories in /mnt.
Parameter: | Description: | Optional: |
---|---|---|
domain | Domain allowed access. | No |
Create, read, write, and delete files in /mnt.
Parameter: | Description: | Optional: |
---|---|---|
domain | Domain allowed access. | No |
Create, read, write, and delete symbolic links in /mnt.
Parameter: | Description: | Optional: |
---|---|---|
domain | Domain allowed access. | No |
Summary is missing!
Parameter: | Description: | Optional: |
---|---|---|
? | Parameter descriptions are missing! | No |
Create, read, write, and delete directories in the /var directory.
Parameter: | Description: | Optional: |
---|---|---|
domain | Domain allowed access. | No |
Create, read, write, and delete files in the /var directory.
Parameter: | Description: | Optional: |
---|---|---|
domain | Domain allowed access. | No |
Create, read, write, and delete symbolic links in the /var directory.
Parameter: | Description: | Optional: |
---|---|---|
domain | Domain allowed access. | No |
Summary is missing!
Parameter: | Description: | Optional: |
---|---|---|
? | Parameter descriptions are missing! | No |
Summary is missing!
Parameter: | Description: | Optional: |
---|---|---|
? | Parameter descriptions are missing! | No |
Mount a filesystem on a directory with the default file type.
Parameter: | Description: | Optional: |
---|---|---|
domain | Domain allowed access. | No |
Mount a filesystem on a directory on new filesystems that have not yet been labeled.
Parameter: | Description: | Optional: |
---|---|---|
domain | The type of the process performing this action. | No |
Mount a filesystem on /mnt.
Parameter: | Description: | Optional: |
---|---|---|
domain | Domain allowed access. | No |
Summary is missing!
Parameter: | Description: | Optional: |
---|---|---|
? | Parameter descriptions are missing! | No |
Summary is missing!
Parameter: | Description: | Optional: |
---|---|---|
? | Parameter descriptions are missing! | No |
Make the specified type a polyinstantiated directory.
Parameter: | Description: | Optional: |
---|---|---|
file_type | Type of the file to be used as a polyinstantiated directory. | No |
Make the specified type a polyinstantiation member directory.
Parameter: | Description: | Optional: |
---|---|---|
file_type | Type of the file to be used as a member directory. | No |
Make the domain use the specified type of polyinstantiated directory.
Parameter: | Description: | Optional: |
---|---|---|
domain | Domain using the polyinstantiated directory. | No |
file_type | Type of the file to be used as a member directory. | No |
Make the specified type a parent of a polyinstantiated directory.
Parameter: | Description: | Optional: |
---|---|---|
file_type | Type of the file to be used as a parent directory. | No |
Summary is missing!
Parameter: | Description: | Optional: |
---|---|---|
? | Parameter descriptions are missing! | No |
Read all files.
Parameter: | Description: | Optional: |
---|---|---|
domain | Domain allowed access. | No |
Summary is missing!
Parameter: | Description: | Optional: |
---|---|---|
? | Parameter descriptions are missing! | No |
Read all symbolic links.
Parameter: | Description: | Optional: |
---|---|---|
domain | Domain allowed access. | No |
Read files with the default file type.
Parameter: | Description: | Optional: |
---|---|---|
domain | Domain allowed access. | No |
Read named pipes with the default file type.
Parameter: | Description: | Optional: |
---|---|---|
domain | Domain allowed access. | No |
Read sockets with the default file type.
Parameter: | Description: | Optional: |
---|---|---|
domain | Domain allowed access. | No |
Read symbolic links with the default file type.
Parameter: | Description: | Optional: |
---|---|---|
domain | Domain allowed access. | No |
Summary is missing!
Parameter: | Description: | Optional: |
---|---|---|
? | Parameter descriptions are missing! | No |
Read files in /etc that are dynamically created on boot, such as mtab.
Parameter: | Description: | Optional: |
---|---|---|
domain | Domain allowed access. | No |
Summary is missing!
Parameter: | Description: | Optional: |
---|---|---|
? | Parameter descriptions are missing! | No |
Read files on new filesystems that have not yet been labeled.
Parameter: | Description: | Optional: |
---|---|---|
domain | The type of the process performing this action. | No |
Summary is missing!
Parameter: | Description: | Optional: |
---|---|---|
? | Parameter descriptions are missing! | No |
Summary is missing!
Parameter: | Description: | Optional: |
---|---|---|
? | Parameter descriptions are missing! | No |
Read symbolic links in /usr.
Parameter: | Description: | Optional: |
---|---|---|
domain | Domain allowed access. | No |
Read files in the /var directory.
Parameter: | Description: | Optional: |
---|---|---|
domain | The type of the process performing this action. | No |
Read generic files in /var/lib.
Parameter: | Description: | Optional: |
---|---|---|
domain | Domain allowed access. | No |
Read generic symbolic links in /var/lib.
Parameter: | Description: | Optional: |
---|---|---|
domain | Domain allowed access. | No |
Read symbolic links in the /var directory.
Parameter: | Description: | Optional: |
---|---|---|
domain | Domain allowed access. | No |
Read world-readable files.
Parameter: | Description: | Optional: |
---|---|---|
domain | Domain allowed access. | No |
Read world-readable named pipes.
Parameter: | Description: | Optional: |
---|---|---|
domain | Domain allowed access. | No |
Read world-readable sockets.
Parameter: | Description: | Optional: |
---|---|---|
domain | Domain allowed access. | No |
Read world-readable symbolic links.
Parameter: | Description: | Optional: |
---|---|---|
domain | Domain allowed access. | No |
Relabel all files on the filesystem, except the listed exceptions.
Parameter: | Description: | Optional: |
---|---|---|
domain | The type of the domain performing this action. | No |
exception_types | The types to be excluded. Each type or attribute must be negated by the caller. | Yes |
Summary is missing!
Parameter: | Description: | Optional: |
---|---|---|
? | Parameter descriptions are missing! | No |
Relabel a file to the type used in /usr.
Parameter: | Description: | Optional: |
---|---|---|
domain | Domain allowed access. | No |
Summary is missing!
Parameter: | Description: | Optional: |
---|---|---|
? | Parameter descriptions are missing! | No |
Read and write files in /etc that are dynamically created on boot, such as mtab.
Parameter: | Description: | Optional: |
---|---|---|
domain | Domain allowed access. | No |
Summary is missing!
Parameter: | Description: | Optional: |
---|---|---|
? | Parameter descriptions are missing! | No |
Read and write block device nodes on new filesystems that have not yet been labeled.
Parameter: | Description: | Optional: |
---|---|---|
domain | The type of the process performing this action. | No |
Read and write directories on new filesystems that have not yet been labeled.
Parameter: | Description: | Optional: |
---|---|---|
domain | The type of the process performing this action. | No |
Add and remove entries in the /var/lock directories.
Parameter: | Description: | Optional: |
---|---|---|
domain | Domain allowed access. | No |
Search all directories.
Parameter: | Description: | Optional: |
---|---|---|
domain | Domain allowed access. | No |
Summary is missing!
Parameter: | Description: | Optional: |
---|---|---|
? | Parameter descriptions are missing! | No |
Search the contents of directories with the default file type.
Parameter: | Description: | Optional: |
---|---|---|
domain | Domain allowed access. | No |
Summary is missing!
Parameter: | Description: | Optional: |
---|---|---|
? | Parameter descriptions are missing! | No |
Search home directories root (/home).
Parameter: | Description: | Optional: |
---|---|---|
domain | The type of the process performing this action. | No |
Summary is missing!
Parameter: | Description: | Optional: |
---|---|---|
? | Parameter descriptions are missing! | No |
Summary is missing!
Parameter: | Description: | Optional: |
---|---|---|
? | Parameter descriptions are missing! | No |
Summary is missing!
Parameter: | Description: | Optional: |
---|---|---|
? | Parameter descriptions are missing! | No |
Summary is missing!
Parameter: | Description: | Optional: |
---|---|---|
? | Parameter descriptions are missing! | No |
Search the tmp directory (/tmp).
Parameter: | Description: | Optional: |
---|---|---|
domain | The type of the process performing this action. | No |
Summary is missing!
Parameter: | Description: | Optional: |
---|---|---|
? | Parameter descriptions are missing! | No |
Search the contents of /var.
Parameter: | Description: | Optional: |
---|---|---|
domain | Domain allowed access. | No |
Search the /var/lib directory.
Parameter: | Description: | Optional: |
---|---|---|
domain | The type of the process performing this action. | No |
Make the specified type a security-relevant file: browsing attempts on it by user domains must not be dontaudited, so they remain audited.
Parameter: | Description: | Optional: |
---|---|---|
file_type | Type of the file to be used as a member directory. | No |
Set the attributes of all tmp directories.
Parameter: | Description: | Optional: |
---|---|---|
domain | The type of the process performing this action. | No |
Set the attributes of the /etc directories.
Parameter: | Description: | Optional: |
---|---|---|
domain | Domain allowed access. | No |
Make the specified type a file used for temporary files.
Parameter: | Description: | Optional: |
---|---|---|
file_type | Type of the file to be used as a temporary file. | No |
Transform the type into a file, for use on a virtual memory filesystem (tmpfs).
Parameter: | Description: | Optional: |
---|---|---|
type | The type to be transformed. | No |
Make the specified type usable for files in a filesystem.
Parameter: | Description: | Optional: |
---|---|---|
type | Type to be used for files. | No |
Unconfined access to files.
Parameter: | Description: | Optional: |
---|---|---|
domain | Domain allowed access. | No |
Summary is missing!
Parameter: | Description: | Optional: |
---|---|---|
? | Parameter descriptions are missing! | No |
Summary is missing!
Parameter: | Description: | Optional: |
---|---|---|
? | Parameter descriptions are missing! | No |