Policy for filesystems.
This module is required to be included in all policies.
Associate the specified file type to persistent filesystems with extended attributes. This allows a file of this type to be created on a filesystem such as ext3, JFS, and XFS.
| Parameter: | Description: | Optional: | 
|---|---|---|
| file_type | The type of the file to be associated. | No | 
Associate the specified file type to filesystems which lack extended attributes support. This allows a file of this type to be created on a filesystem such as FAT32 and NFS.
| Parameter: | Description: | Optional: | 
|---|---|---|
| file_type | The type of the file to be associated. | No | 
Allow the type to associate to tmpfs filesystems.
| Parameter: | Description: | Optional: | 
|---|---|---|
| type | The type of the object to be associated. | No | 
Execute a file on a CIFS or SMB filesystem in the specified domain. This allows the calling domain to execute any file on these filesystems in the specified target domain. This is not recommended.
No interprocess communication (signals, pipes, etc.) is provided by this interface since the domains are not owned by this module.
This interface was added to handle home directories on CIFS/SMB filesystems, in particular used by the ssh-agent policy.
| Parameter: | Description: | Optional: | 
|---|---|---|
| domain | The type of the process performing this action. | No | 
| target_domain | The type of the new process. | No | 
Summary is missing!
| Parameter: | Description: | Optional: | 
|---|---|---|
| ? | Parameter descriptions are missing! | No | 
Do not audit attempts to get the attributes of all files with a filesystem type.
| Parameter: | Description: | Optional: | 
|---|---|---|
| domain | Domain allowed access. | No | 
Do not audit attempts to get the attributes of all filesystems.
| Parameter: | Description: | Optional: | 
|---|---|---|
| domain | The type of the domain to not audit. | No | 
Do not audit attempts to get the attributes of all named pipes with a filesystem type.
| Parameter: | Description: | Optional: | 
|---|---|---|
| domain | Domain allowed access. | No | 
Do not audit attempts to get the attributes of all named sockets with a filesystem type.
| Parameter: | Description: | Optional: | 
|---|---|---|
| domain | Domain allowed access. | No | 
Do not audit attempts to get the attributes of all symbolic links with a filesystem type.
| Parameter: | Description: | Optional: | 
|---|---|---|
| domain | Domain allowed access. | No | 
Do not audit attempts to get the attributes of a persistent filesystem which has extended attributes, such as ext3, JFS, or XFS.
| Parameter: | Description: | Optional: | 
|---|---|---|
| domain | The type of the domain to not audit. | No | 
Do not audit attempts to list the contents of directories on a CIFS or SMB filesystem.
| Parameter: | Description: | Optional: | 
|---|---|---|
| domain | Domain to not audit. | No | 
Do not audit attempts to list the contents of directories on a NFS filesystem.
| Parameter: | Description: | Optional: | 
|---|---|---|
| domain | Domain to not audit. | No | 
Do not audit attempts to list the contents of generic tmpfs directories.
| Parameter: | Description: | Optional: | 
|---|---|---|
| domain | Domain to not audit. | No | 
Do not audit attempts to create, read, write, and delete directories on a CIFS or SMB network filesystem.
| Parameter: | Description: | Optional: | 
|---|---|---|
| domain | The type of the domain managing the directories. | No | 
Do not audit attempts to create, read, write, and delete files on a CIFS or SMB network filesystem.
| Parameter: | Description: | Optional: | 
|---|---|---|
| domain | Domain to not audit. | No | 
Do not audit attempts to create, read, write, and delete directories on a NFS filesystem.
| Parameter: | Description: | Optional: | 
|---|---|---|
| domain | Domain to not audit. | No | 
Do not audit attempts to create, read, write, and delete files on a NFS filesystem.
| Parameter: | Description: | Optional: | 
|---|---|---|
| domain | Domain to not audit. | No | 
Do not audit attempts to read files on a CIFS or SMB filesystem.
| Parameter: | Description: | Optional: | 
|---|---|---|
| domain | The type of the domain to not audit. | No | 
Do not audit attempts to read files on a NFS filesystem.
| Parameter: | Description: | Optional: | 
|---|---|---|
| domain | The type of the domain to not audit. | No | 
Do not audit attempts to read or write files on a CIFS or SMB filesystem.
| Parameter: | Description: | Optional: | 
|---|---|---|
| domain | The type of the domain to not audit. | No | 
Do not audit attempts to read or write files on a NFS filesystem.
| Parameter: | Description: | Optional: | 
|---|---|---|
| domain | The type of the domain to not audit. | No | 
Execute files on a filesystem that does not support extended attributes.
| Parameter: | Description: | Optional: | 
|---|---|---|
| domain | Domain allowed access. | No | 
Execute files on a CIFS or SMB network filesystem, in the caller domain.
| Parameter: | Description: | Optional: | 
|---|---|---|
| domain | The type of the domain executing the files. | No | 
Execute files on a NFS filesystem.
| Parameter: | Description: | Optional: | 
|---|---|---|
| domain | The type of the domain executing the files. | No | 
Get the quotas of all filesystems.
| Parameter: | Description: | Optional: | 
|---|---|---|
| domain | The type of the domain getting quotas. | No | 
Get the filesystem quotas of a filesystem with extended attributes.
| Parameter: | Description: | Optional: | 
|---|---|---|
| domain | The type of the domain mounting the filesystem. | No | 
Get the quotas of a persistent filesystem which has extended attributes, such as ext3, JFS, or XFS.
| Parameter: | Description: | Optional: | 
|---|---|---|
| domain | The type of the domain getting quotas. | No | 
Get the attributes of all files with a filesystem type.
| Parameter: | Description: | Optional: | 
|---|---|---|
| domain | Domain allowed access. | No | 
Get the attributes of all persistent filesystems.
| Parameter: | Description: | Optional: | 
|---|---|---|
| domain | The type of the domain doing the getattr on the filesystem. | No | 
Get the attributes of all named pipes with a filesystem type.
| Parameter: | Description: | Optional: | 
|---|---|---|
| domain | Domain allowed access. | No | 
Get the attributes of all named sockets with a filesystem type.
| Parameter: | Description: | Optional: | 
|---|---|---|
| domain | Domain allowed access. | No | 
Get the attributes of all symbolic links with a filesystem type.
| Parameter: | Description: | Optional: | 
|---|---|---|
| domain | Domain allowed access. | No | 
Get the attributes of an automount pseudo filesystem.
| Parameter: | Description: | Optional: | 
|---|---|---|
| domain | The type of the domain doing the getattr on the filesystem. | No | 
Get the attributes of a CIFS or SMB network filesystem.
| Parameter: | Description: | Optional: | 
|---|---|---|
| domain | The type of the domain doing the getattr on the filesystem. | No | 
Get the attributes of a DOS filesystem, such as FAT32 or NTFS.
| Parameter: | Description: | Optional: | 
|---|---|---|
| domain | The type of the domain doing the getattr on the filesystem. | No | 
Get the attributes of an iso9660 filesystem, which is usually used on CDs.
| Parameter: | Description: | Optional: | 
|---|---|---|
| domain | The type of the domain doing the getattr on the filesystem. | No | 
Get the attributes of a NFS filesystem.
| Parameter: | Description: | Optional: | 
|---|---|---|
| domain | The type of the domain doing the getattr on the filesystem. | No | 
Get the attributes of a NFS server pseudo filesystem.
| Parameter: | Description: | Optional: | 
|---|---|---|
| domain | The type of the domain doing the getattr on the filesystem. | No | 
Get the attributes of a RAM filesystem.
| Parameter: | Description: | Optional: | 
|---|---|---|
| domain | The type of the domain doing the getattr on the filesystem. | No | 
Get the attributes of a ROM filesystem.
| Parameter: | Description: | Optional: | 
|---|---|---|
| domain | The type of the domain doing the getattr on the filesystem. | No | 
Get the attributes of a RPC pipe filesystem.
| Parameter: | Description: | Optional: | 
|---|---|---|
| domain | The type of the domain doing the getattr on the filesystem. | No | 
Get the attributes of a tmpfs filesystem.
| Parameter: | Description: | Optional: | 
|---|---|---|
| domain | The type of the domain doing the getattr on the filesystem. | No | 
Get the attributes of tmpfs directories.
| Parameter: | Description: | Optional: | 
|---|---|---|
| domain | Domain allowed access. | No | 
Get the attributes of a persistent filesystem which has extended attributes, such as ext3, JFS, or XFS.
| Parameter: | Description: | Optional: | 
|---|---|---|
| domain | The type of the domain doing the getattr on the filesystem. | No | 
List all directories with a filesystem type.
| Parameter: | Description: | Optional: | 
|---|---|---|
| domain | Domain allowed access. | No | 
List the contents of directories on a CIFS or SMB filesystem.
| Parameter: | Description: | Optional: | 
|---|---|---|
| domain | The type of the domain reading the files. | No | 
List the contents of generic tmpfs directories.
| Parameter: | Description: | Optional: | 
|---|---|---|
| domain | Domain allowed access. | No | 
Transform specified type into a filesystem type which does not have extended attribute support.
| Parameter: | Description: | Optional: | 
|---|---|---|
| domain | The type of the process performing this action. | No | 
Create, read, write, and delete directories on a CIFS or SMB network filesystem.
| Parameter: | Description: | Optional: | 
|---|---|---|
| domain | The type of the domain managing the directories. | No | 
Create, read, write, and delete files on a CIFS or SMB network filesystem.
| Parameter: | Description: | Optional: | 
|---|---|---|
| domain | The type of the domain managing the files. | No | 
Create, read, write, and delete named pipes on a CIFS or SMB network filesystem.
| Parameter: | Description: | Optional: | 
|---|---|---|
| domain | The type of the domain managing the pipes. | No | 
Create, read, write, and delete named sockets on a CIFS or SMB network filesystem.
| Parameter: | Description: | Optional: | 
|---|---|---|
| domain | The type of the domain managing the sockets. | No | 
Create, read, write, and delete symbolic links on a CIFS or SMB network filesystem.
| Parameter: | Description: | Optional: | 
|---|---|---|
| domain | The type of the domain managing the symbolic links. | No | 
Create, read, write, and delete directories on a NFS filesystem.
| Parameter: | Description: | Optional: | 
|---|---|---|
| domain | The type of the domain managing the directories. | No | 
Create, read, write, and delete files on a NFS filesystem.
| Parameter: | Description: | Optional: | 
|---|---|---|
| domain | The type of the domain managing the files. | No | 
Create, read, write, and delete named pipes on a NFS filesystem.
| Parameter: | Description: | Optional: | 
|---|---|---|
| domain | The type of the domain managing the pipes. | No | 
Create, read, write, and delete named sockets on a NFS filesystem.
| Parameter: | Description: | Optional: | 
|---|---|---|
| domain | The type of the domain managing the sockets. | No | 
Create, read, write, and delete symbolic links on a CIFS or SMB network filesystem.
| Parameter: | Description: | Optional: | 
|---|---|---|
| domain | The type of the domain managing the symbolic links. | No | 
Read and write, create and delete block nodes on tmpfs filesystems.
| Parameter: | Description: | Optional: | 
|---|---|---|
| domain | The type of the process performing this action. | No | 
Read and write, create and delete character nodes on tmpfs filesystems.
| Parameter: | Description: | Optional: | 
|---|---|---|
| domain | The type of the process performing this action. | No | 
Create, read, write, and delete tmpfs directories.
| Parameter: | Description: | Optional: | 
|---|---|---|
| domain | Domain allowed access. | No | 
Read and write, create and delete generic files on tmpfs filesystems.
| Parameter: | Description: | Optional: | 
|---|---|---|
| domain | The type of the process performing this action. | No | 
Read and write, create and delete socket files on tmpfs filesystems.
| Parameter: | Description: | Optional: | 
|---|---|---|
| domain | The type of the process performing this action. | No | 
Read and write, create and delete symbolic links on tmpfs filesystems.
| Parameter: | Description: | Optional: | 
|---|---|---|
| domain | The type of the process performing this action. | No | 
Mount all filesystems.
| Parameter: | Description: | Optional: | 
|---|---|---|
| domain | The type of the domain mounting the filesystem. | No | 
Mount an automount pseudo filesystem.
| Parameter: | Description: | Optional: | 
|---|---|---|
| domain | The type of the domain mounting the filesystem. | No | 
Mount a CIFS or SMB network filesystem.
| Parameter: | Description: | Optional: | 
|---|---|---|
| domain | The type of the domain mounting the filesystem. | No | 
Mount a DOS filesystem, such as FAT32 or NTFS.
| Parameter: | Description: | Optional: | 
|---|---|---|
| domain | The type of the domain mounting the filesystem. | No | 
Mount an iso9660 filesystem, which is usually used on CDs.
| Parameter: | Description: | Optional: | 
|---|---|---|
| domain | The type of the domain mounting the filesystem. | No | 
Mount a NFS filesystem.
| Parameter: | Description: | Optional: | 
|---|---|---|
| domain | The type of the domain mounting the filesystem. | No | 
Mount a NFS server pseudo filesystem.
| Parameter: | Description: | Optional: | 
|---|---|---|
| domain | The type of the domain mounting the filesystem. | No | 
Mount a RAM filesystem.
| Parameter: | Description: | Optional: | 
|---|---|---|
| domain | The type of the domain mounting the filesystem. | No | 
Mount a ROM filesystem.
| Parameter: | Description: | Optional: | 
|---|---|---|
| domain | The type of the domain mounting the filesystem. | No | 
Mount a RPC pipe filesystem.
| Parameter: | Description: | Optional: | 
|---|---|---|
| domain | The type of the domain mounting the filesystem. | No | 
Mount a tmpfs filesystem.
| Parameter: | Description: | Optional: | 
|---|---|---|
| domain | The type of the domain mounting the filesystem. | No | 
Mount a persistent filesystem which has extended attributes, such as ext3, JFS, or XFS.
| Parameter: | Description: | Optional: | 
|---|---|---|
| domain | The type of the domain mounting the filesystem. | No | 
Execute a file on a NFS filesystem in the specified domain. This allows the calling domain to execute any file on a NFS filesystem in the specified target domain. This is not recommended.
No interprocess communication (signals, pipes, etc.) is provided by this interface since the domains are not owned by this module.
This interface was added to handle home directories on NFS filesystems, in particular used by the ssh-agent policy.
| Parameter: | Description: | Optional: | 
|---|---|---|
| domain | The type of the process performing this action. | No | 
| target_domain | The type of the new process. | No | 
Read files on a CIFS or SMB filesystem.
| Parameter: | Description: | Optional: | 
|---|---|---|
| domain | The type of the domain reading the files. | No | 
Do not audit attempts to read or write files on a CIFS or SMB filesystem.
| Parameter: | Description: | Optional: | 
|---|---|---|
| domain | The type of the domain to not audit. | No | 
Read symbolic links on a CIFS or SMB filesystem.
| Parameter: | Description: | Optional: | 
|---|---|---|
| domain | The type of the domain reading the symbolic links. | No | 
Read files on a NFS filesystem.
| Parameter: | Description: | Optional: | 
|---|---|---|
| domain | The type of the domain reading the files. | No | 
Read symbolic links on a NFS filesystem.
| Parameter: | Description: | Optional: | 
|---|---|---|
| domain | The type of the domain reading the symbolic links. | No | 
Register an interpreter for new binary file types, using the kernel binfmt_misc support. A common use for this is to register a JVM as an interpreter for Java byte code. Registered binaries can be directly executed on a command line without specifying the interpreter.
| Parameter: | Description: | Optional: | 
|---|---|---|
| domain | The type of the domain registering the interpreter. | No | 
Relabel block nodes on tmpfs filesystems.
| Parameter: | Description: | Optional: | 
|---|---|---|
| domain | The type of the process performing this action. | No | 
Relabel character nodes on tmpfs filesystems.
| Parameter: | Description: | Optional: | 
|---|---|---|
| domain | The type of the process performing this action. | No | 
Relabelfrom all filesystems.
| Parameter: | Description: | Optional: | 
|---|---|---|
| domain | The type of the domain doing the getattr on the filesystem. | No | 
Allow changing of the label of a DOS filesystem using the context= mount option.
| Parameter: | Description: | Optional: | 
|---|---|---|
| domain | The type of the domain mounting the filesystem. | No | 
Allow changing of the label of a filesystem with extended attributes using the context= mount option.
| Parameter: | Description: | Optional: | 
|---|---|---|
| domain | The type of the domain mounting the filesystem. | No | 
Remount all filesystems. This allows some mount options to be changed.
| Parameter: | Description: | Optional: | 
|---|---|---|
| domain | The type of the domain mounting the filesystem. | No | 
Remount an automount pseudo filesystem. This allows some mount options to be changed.
| Parameter: | Description: | Optional: | 
|---|---|---|
| domain | The type of the domain remounting the filesystem. | No | 
Remount a CIFS or SMB network filesystem. This allows some mount options to be changed.
| Parameter: | Description: | Optional: | 
|---|---|---|
| domain | The type of the domain mounting the filesystem. | No | 
Remount a DOS filesystem, such as FAT32 or NTFS. This allows some mount options to be changed.
| Parameter: | Description: | Optional: | 
|---|---|---|
| domain | The type of the domain remounting the filesystem. | No | 
Remount an iso9660 filesystem, which is usually used on CDs. This allows some mount options to be changed.
| Parameter: | Description: | Optional: | 
|---|---|---|
| domain | The type of the domain remounting the filesystem. | No | 
Remount a NFS filesystem. This allows some mount options to be changed.
| Parameter: | Description: | Optional: | 
|---|---|---|
| domain | The type of the domain remounting the filesystem. | No | 
Remount a NFS server pseudo filesystem. This allows some mount options to be changed.
| Parameter: | Description: | Optional: | 
|---|---|---|
| domain | The type of the domain remounting the filesystem. | No | 
Remount a RAM filesystem. This allows some mount options to be changed.
| Parameter: | Description: | Optional: | 
|---|---|---|
| domain | The type of the domain remounting the filesystem. | No | 
Remount a ROM filesystem. This allows some mount options to be changed.
| Parameter: | Description: | Optional: | 
|---|---|---|
| domain | The type of the domain remounting the filesystem. | No | 
Remount a RPC pipe filesystem. This allows some mount options to be changed.
| Parameter: | Description: | Optional: | 
|---|---|---|
| domain | The type of the domain remounting the filesystem. | No | 
Remount a tmpfs filesystem.
| Parameter: | Description: | Optional: | 
|---|---|---|
| domain | The type of the domain remounting the filesystem. | No | 
Remount a persistent filesystem which has extended attributes, such as ext3, JFS, or XFS. This allows some mount options to be changed.
| Parameter: | Description: | Optional: | 
|---|---|---|
| domain | The type of the domain remounting the filesystem. | No | 
Search all directories with a filesystem type.
| Parameter: | Description: | Optional: | 
|---|---|---|
| domain | Domain allowed access. | No | 
Search automount filesystem to use automatically mounted filesystems.
| Parameter: | Description: | Optional: | 
|---|---|---|
| domain | The type of the domain performing this action. | No | 
Search directories on a CIFS or SMB filesystem.
| Parameter: | Description: | Optional: | 
|---|---|---|
| domain | The type of the domain reading the files. | No | 
Search directories on a NFS filesystem.
| Parameter: | Description: | Optional: | 
|---|---|---|
| domain | The type of the domain reading the files. | No | 
Search directories on a ramfs.
| Parameter: | Description: | Optional: | 
|---|---|---|
| domain | Domain allowed access. | No | 
Search tmpfs directories.
| Parameter: | Description: | Optional: | 
|---|---|---|
| domain | Domain allowed access. | No | 
Set the quotas of all filesystems.
| Parameter: | Description: | Optional: | 
|---|---|---|
| domain | The type of the domain setting quotas. | No | 
Set the filesystem quotas of a filesystem with extended attributes.
| Parameter: | Description: | Optional: | 
|---|---|---|
| domain | The type of the domain mounting the filesystem. | No | 
Set the attributes of tmpfs directories.
| Parameter: | Description: | Optional: | 
|---|---|---|
| domain | Domain allowed access. | No | 
Transform specified type into a filesystem type.
| Parameter: | Description: | Optional: | 
|---|---|---|
| domain | The type of the process performing this action. | No | 
Unconfined access to filesystems.
| Parameter: | Description: | Optional: | 
|---|---|---|
| domain | Domain allowed access. | No | 
Unmount all filesystems.
| Parameter: | Description: | Optional: | 
|---|---|---|
| domain | The type of the domain unmounting the filesystem. | No | 
Unmount an automount pseudo filesystem.
| Parameter: | Description: | Optional: | 
|---|---|---|
| domain | The type of the domain unmounting the filesystem. | No | 
Unmount a CIFS or SMB network filesystem.
| Parameter: | Description: | Optional: | 
|---|---|---|
| domain | The type of the domain mounting the filesystem. | No | 
Unmount a DOS filesystem, such as FAT32 or NTFS.
| Parameter: | Description: | Optional: | 
|---|---|---|
| domain | The type of the domain unmounting the filesystem. | No | 
Unmount an iso9660 filesystem, which is usually used on CDs.
| Parameter: | Description: | Optional: | 
|---|---|---|
| domain | The type of the domain unmounting the filesystem. | No | 
Unmount a NFS filesystem.
| Parameter: | Description: | Optional: | 
|---|---|---|
| domain | The type of the domain unmounting the filesystem. | No | 
Unmount a NFS server pseudo filesystem.
| Parameter: | Description: | Optional: | 
|---|---|---|
| domain | The type of the domain unmounting the filesystem. | No | 
Unmount a RAM filesystem.
| Parameter: | Description: | Optional: | 
|---|---|---|
| domain | The type of the domain unmounting the filesystem. | No | 
Unmount a ROM filesystem.
| Parameter: | Description: | Optional: | 
|---|---|---|
| domain | The type of the domain unmounting the filesystem. | No | 
Unmount a RPC pipe filesystem.
| Parameter: | Description: | Optional: | 
|---|---|---|
| domain | The type of the domain unmounting the filesystem. | No | 
Unmount a tmpfs filesystem.
| Parameter: | Description: | Optional: | 
|---|---|---|
| domain | The type of the domain unmounting the filesystem. | No | 
Unmount a persistent filesystem which has extended attributes, such as ext3, JFS, or XFS.
| Parameter: | Description: | Optional: | 
|---|---|---|
| domain | The type of the domain unmounting the filesystem. | No | 
Read and write block nodes on tmpfs filesystems.
| Parameter: | Description: | Optional: | 
|---|---|---|
| domain | The type of the process performing this action. | No | 
Read and write character nodes on tmpfs filesystems.
| Parameter: | Description: | Optional: | 
|---|---|---|
| domain | The type of the process performing this action. | No | 
Write to named socket on a ramfs filesystem.
| Parameter: | Description: | Optional: | 
|---|---|---|
| domain | Domain allowed access. | No |