Policy for kernel security interface, in particular, selinuxfs.
This module is required to be included in all policies.
Allows caller to compute an access vector.
| Parameter: | Description: | Optional: |
|---|---|---|
| domain |
The process type allowed to compute an access vector. | No |
Calculate the default type for object creation.
| Parameter: | Description: | Optional: |
|---|---|---|
| domain |
Domain allowed access. | No |
Allows caller to compute polyinstatntiated directory members.
| Parameter: | Description: | Optional: |
|---|---|---|
| domain |
Domain allowed access. | No |
Calculate the context for relabeling objects.
Calculate the context for relabeling objects. This is determined by using the type_change rules in the policy, and is generally used for determining the context for relabeling a terminal when a user logs in.
| Parameter: | Description: | Optional: |
|---|---|---|
| domain |
Domain allowed access. | No |
Allows caller to compute possible contexts for a user.
| Parameter: | Description: | Optional: |
|---|---|---|
| domain |
The process type allowed to compute user contexts. | No |
Do not audit attempts to get the attributes of the selinuxfs directory.
| Parameter: | Description: | Optional: |
|---|---|---|
| domain |
Domain to not audit. | No |
Do not audit attempts to read generic selinuxfs entries
| Parameter: | Description: | Optional: |
|---|---|---|
| domain |
Domain to not audit. | No |
Do not audit attempts to search selinuxfs.
| Parameter: | Description: | Optional: |
|---|---|---|
| domain |
Domain to not audit. | No |
Allows the caller to get the mode of policy enforcement (enforcing or permissive mode).
| Parameter: | Description: | Optional: |
|---|---|---|
| domain |
The process type to allow to get the enforcing mode. | No |
Gets the caller the mountpoint of the selinuxfs filesystem.
| Parameter: | Description: | Optional: |
|---|---|---|
| domain |
The process type requesting the selinuxfs mountpoint. | No |
Allow caller to load the policy into the kernel.
| Parameter: | Description: | Optional: |
|---|---|---|
| domain |
The process type that will load the policy. | No |
Search selinuxfs.
| Parameter: | Description: | Optional: |
|---|---|---|
| domain |
Domain allowed access. | No |
Allow caller to set the state of Booleans to enable or disable conditional portions of the policy.
Allow caller to set the state of Booleans to enable or disable conditional portions of the policy.
Since this is a security event, this action is always audited.
| Parameter: | Description: | Optional: |
|---|---|---|
| domain |
The process type allowed to set the Boolean. | No |
Allow caller to set the mode of policy enforcement (enforcing or permissive mode).
Allow caller to set the mode of policy enforcement (enforcing or permissive mode).
Since this is a security event, this action is always audited.
| Parameter: | Description: | Optional: |
|---|---|---|
| domain |
The process type to allow to set the enforcement mode. | No |
Allow caller to set SELinux access vector cache parameters.
Allow caller to set SELinux access vector cache parameters. The allows the domain to set performance related parameters of the AVC, such as cache threshold.
Since this is a security event, this action is always audited.
| Parameter: | Description: | Optional: |
|---|---|---|
| domain |
The process type to allow to set security parameters. | No |
Unconfined access to the SELinux kernel security server.
| Parameter: | Description: | Optional: |
|---|---|---|
| domain |
Domain allowed access. | No |
Allows caller to validate security contexts.
| Parameter: | Description: | Optional: |
|---|---|---|
| domain |
The process type permitted to validate contexts. | No |