Layer: kernel

Module: corecommands

Description:

Core policy for shells, and generic programs in /bin, /sbin, /usr/bin, and /usr/sbin.

This module is required to be included in all policies.

Interfaces:

corecmd_bin_alias( domain )
Summary

Create an aliased type to generic bin files.

Description

Create an aliased type to generic bin files.

This is added to support targeted policy. Its use should be limited. It has no effect on the strict policy.

Parameters
Parameter: domain
Description: Alias type for bin_t.
Optional: No
corecmd_bin_domtrans( domain , target_domain )
Summary

Execute a file in a bin directory in the specified domain.

Description

Execute a file in a bin directory in the specified domain. This allows the specified domain to execute any file on these filesystems in the specified domain. This is not suggested.

No interprocess communication (signals, pipes, etc.) is provided by this interface since the domains are not owned by this module.

This interface was added to handle the ssh-agent policy.

Parameters
Parameter: domain
Description: Domain allowed access.
Optional: No

Parameter: target_domain
Description: The type of the new process.
Optional: No
corecmd_bin_spec_domtrans( domain , target_domain )
Summary

Execute a file in a bin directory in the specified domain but do not do it automatically. This is an explicit transition, requiring the caller to use setexeccon().

Description

Execute a file in a bin directory in the specified domain. This allows the specified domain to execute any file on these filesystems in the specified domain. This is not suggested.

No interprocess communication (signals, pipes, etc.) is provided by this interface since the domains are not owned by this module.

This interface was added to handle the userhelper policy.

Parameters
Parameter: domain
Description: Domain allowed access.
Optional: No

Parameter: target_domain
Description: The type of the new process.
Optional: No
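
The difference between the automatic (domtrans) and explicit (spec_domtrans) transitions documented above, as an added sketch in raw SELinux policy language. It is not the corecommands module's own code and not the literal expansion of these interfaces; the module name and the types caller_auto_t, caller_spec_t and helper_t are hypothetical, and bin_t is the type named on this page.

```selinux
module corecmd_trans_example 1.0;

require {
	type bin_t;
	class file { getattr open read execute entrypoint };
	class process { transition setexec };
}

# Hypothetical types, declared only for this illustration.
type caller_auto_t;
type caller_spec_t;
type helper_t;

# helper_t may be entered through any file labeled bin_t. Because bin_t
# covers the generic programs in the bin directories, every one of them
# becomes a possible entry into helper_t, which is why the page says this
# kind of transition "is not suggested". A dedicated executable type for
# the one intended program keeps the entrypoint narrow.
allow helper_t bin_t:file entrypoint;

# --- Automatic transition (domtrans style) ---
# The caller may execute bin_t files and may transition to helper_t.
allow caller_auto_t bin_t:file { getattr open read execute };
allow caller_auto_t helper_t:process transition;
# The type_transition rule makes helper_t the default for the new process,
# so a plain exec of a bin_t file changes domain with no caller cooperation.
type_transition caller_auto_t bin_t:process helper_t;

# --- Explicit transition (spec_domtrans style) ---
# Same execute and transition permissions, but no type_transition rule:
# a plain exec does not enter helper_t.
allow caller_spec_t bin_t:file { getattr open read execute };
allow caller_spec_t helper_t:process transition;
# The caller has to request helper_t itself with setexeccon() before the
# exec; setting the exec context needs the setexec permission on itself.
allow caller_spec_t self:process setexec;
```

Neither variant grants signals, pipes or file descriptor use between the two domains, matching the note above that no interprocess communication is provided.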
corecmd_check_exec_shell( domain )
Summary

Check if a shell is executable (DAC-wise).

Parameters
Parameter: domain
Description: Domain allowed access.
Optional: No
corecmd_dontaudit_getattr_sbin_files( ? )
Summary

Summary is missing!

Parameters
Parameter: ?
Description: Parameter descriptions are missing!
Optional: No
corecmd_dontaudit_search_sbin( domain )
Summary

Do not audit attempts to search sbin directories.

Parameters
Parameter: domain
Description: Domain to not audit.
Optional: No
corecmd_exec_bin( ? )
Summary

Summary is missing!

Parameters
Parameter: ?
Description: Parameter descriptions are missing!
Optional: No
corecmd_exec_chroot( ? )
Summary

Summary is missing!

Parameters
Parameter: ?
Description: Parameter descriptions are missing!
Optional: No
corecmd_exec_ls( ? )
Summary

Summary is missing!

Parameters
Parameter: ?
Description: Parameter descriptions are missing!
Optional: No
corecmd_exec_sbin( ? )
Summary

Summary is missing!

Parameters
Parameter: ?
Description: Parameter descriptions are missing!
Optional: No
corecmd_exec_shell( ? )
Summary

Summary is missing!

Parameters
Parameter: ?
Description: Parameter descriptions are missing!
Optional: No
corecmd_getattr_bin_files( domain )
Summary

Get the attributes of files in bin directories.

Parameters
Parameter: domain
Description: Domain allowed access.
Optional: No
corecmd_getattr_sbin_files( ? )
Summary

Summary is missing!

Parameters
Parameter: ?
Description: Parameter descriptions are missing!
Optional: No
corecmd_list_bin( ? )
Summary

Summary is missing!

Parameters
Parameter: ?
Description: Parameter descriptions are missing!
Optional: No
corecmd_list_sbin( ? )
Summary

Summary is missing!

Parameters
Parameter: ?
Description: Parameter descriptions are missing!
Optional: No
corecmd_manage_bin_files( domain )
Summary

Create, read, write, and delete bin files.

Parameters
Parameter: domain
Description: Domain allowed access.
Optional: No
corecmd_manage_sbin_files( domain )
Summary

Create, read, write, and delete sbin files.

Parameters
Parameter: domain
Description: Domain allowed access.
Optional: No
corecmd_mmap_bin_files( domain )
Summary

Mmap a bin file as executable.

Parameters
Parameter: domain
Description: Domain allowed access.
Optional: No
corecmd_mmap_sbin_files( domain )
Summary

Mmap an sbin file as executable.

Parameters
Parameter: domain
Description: Domain allowed access.
Optional: No
corecmd_read_bin_files( domain )
Summary

Read files in bin directories.

Parameters
Parameter: domain
Description: Domain allowed access.
Optional: No
corecmd_read_bin_pipes( domain )
Summary

Read pipes in bin directories.

Parameters
Parameter: domain
Description: Domain allowed access.
Optional: No
corecmd_read_bin_sockets( domain )
Summary

Read named sockets in bin directories.

Parameters
Parameter: domain
Description: Domain allowed access.
Optional: No
corecmd_read_bin_symlinks( domain )
Summary

Read symbolic links in bin directories.

Parameters
Parameter: domain
Description: Domain allowed access.
Optional: No
corecmd_read_sbin_files( domain )
Summary

Read files in sbin directories.

Parameters
Parameter: domain
Description: Domain allowed access.
Optional: No
corecmd_read_sbin_pipes( domain )
Summary

Read named pipes in sbin directories.

Parameters
Parameter: domain
Description: Domain allowed access.
Optional: No
corecmd_read_sbin_sockets( domain )
Summary

Read named sockets in sbin directories.

Parameters
Parameter: domain
Description: Domain allowed access.
Optional: No
corecmd_read_sbin_symlinks( domain )
Summary

Read symbolic links in sbin directories.

Parameters
Parameter: domain
Description: Domain allowed access.
Optional: No
corecmd_relabel_bin_files( domain )
Summary

Relabel to and from the bin type.

Parameters
Parameter: domain
Description: Domain allowed access.
Optional: No
corecmd_relabel_sbin_files( domain )
Summary

Relabel to and from the sbin type.

Parameters
Parameter: domain
Description: Domain allowed access.
Optional: No
corecmd_sbin_domtrans( domain , target_domain )
Summary

Execute a file in an sbin directory in the specified domain.

Description

Execute a file in an sbin directory in the specified domain. This allows the specified domain to execute any file on these filesystems in the specified domain. This is not suggested.

No interprocess communication (signals, pipes, etc.) is provided by this interface since the domains are not owned by this module.

This interface was added to handle the ssh-agent policy.

Parameters
Parameter: domain
Description: Domain allowed access.
Optional: No

Parameter: target_domain
Description: The type of the new process.
Optional: No
corecmd_sbin_spec_domtrans( domain , target_domain )
Summary

Execute a file in an sbin directory in the specified domain but do not do it automatically. This is an explicit transition, requiring the caller to use setexeccon().

Description

Execute a file in an sbin directory in the specified domain. This allows the specified domain to execute any file on these filesystems in the specified domain. This is not suggested.

No interprocess communication (signals, pipes, etc.) is provided by this interface since the domains are not owned by this module.

This interface was added to handle the userhelper policy.

Parameters
Parameter: domain
Description: Domain allowed access.
Optional: No

Parameter: target_domain
Description: The type of the new process.
Optional: No
corecmd_search_bin( ? )
Summary

Summary is missing!

Parameters
Parameter: ?
Description: Parameter descriptions are missing!
Optional: No
corecmd_search_sbin( ? )
Summary

Summary is missing!

Parameters
Parameter: ?
Description: Parameter descriptions are missing!
Optional: No
corecmd_shell_domtrans( domain , target_domain )
Summary

Execute a shell in the specified domain.

Description

Execute a shell in the specified domain.

No interprocess communication (signals, pipes, etc.) is provided by this interface since the domains are not owned by this module.

Parameters
Parameter: domain
Description: Domain allowed access.
Optional: No

Parameter: target_domain
Description: The type of the shell process.
Optional: No
corecmd_shell_entry_type( domain )
Summary

Make the shell an entrypoint for the specified domain.

Parameters
Parameter: domain
Description: The domain for which the shell is an entrypoint.
Optional: No
corecmd_shell_spec_domtrans( domain , target_domain )
Summary

Execute a shell in the target domain. This is an explicit transition, requiring the caller to use setexeccon().

Description

Execute a shell in the target domain. This is an explicit transition, requiring the caller to use setexeccon().

No interprocess communication (signals, pipes, etc.) is provided by this interface since the domains are not owned by this module.

Parameters
Parameter: domain
Description: Domain allowed access.
Optional: No

Parameter: target_domain
Description: The type of the shell process.
Optional: No