Layer: system

Module: userdomain

Description:

Policy for user domains

Interfaces:

userdom_bin_spec_domtrans_sysadm(
	
		domain
		
	)

Summary

Execute a generic bin program in the sysadm domain.

Parameters

Parameter:	Description:	Optional:
domain	Domain allowed access.	No

userdom_bin_spec_domtrans_unpriv_users(
	
		domain
		
	)

Summary

Execute bin_t in the unprivileged user domains. This is an explicit transition, requiring the caller to use setexeccon().

Parameters

Parameter:	Description:	Optional:
domain	Domain allowed access.	No

userdom_dbus_send_all_users(
	
		domain
		
	)

Summary

Send a dbus message to all user domains.

Parameters

Parameter:	Description:	Optional:
domain	Domain allowed access.	No

userdom_dontaudit_append_staff_home_content_files(
	
		domain
		
	)

Summary

Do not audit attempts to append to the staff users home directory.

Parameters

Parameter:	Description:	Optional:
domain	Domain to not audit.	No

userdom_dontaudit_getattr_sysadm_home_dirs(
	
		domain
		
	)

Summary

Do not audit attempts to get the attributes of the sysadm users home directory.

Parameters

Parameter:	Description:	Optional:
domain	Domain to not audit.	No

userdom_dontaudit_getattr_sysadm_ttys(
	
		domain
		
	)

Summary

Do not audit attepts to get the attributes of sysadm ttys.

Parameters

Parameter:	Description:	Optional:
domain	Domain allowed access.	No

userdom_dontaudit_list_sysadm_home_dirs(
	
		domain
		
	)

Summary

Do not audit attempts to list the sysadm users home directory.

Parameters

Parameter:	Description:	Optional:
domain	Domain to not audit.	No

userdom_dontaudit_read_sysadm_home_content_files(
	
		domain
		
	)

Summary

Do not audit attempts to search the sysadm users home directory.

Parameters

Parameter:	Description:	Optional:
domain	Domain to not audit.	No

userdom_dontaudit_relabelfrom_unpriv_users_ptys(
	
		domain
		
	)

Summary

Do not audit attempts to relabel files from unprivileged user pty types.

Parameters

Parameter:	Description:	Optional:
domain	Domain allowed access.	No

userdom_dontaudit_search_all_users_home_content(
	
		domain
		
	)

Summary

Do not audit attempts to search all users home directories.

Parameters

Parameter:	Description:	Optional:
domain	Domain to not audit.	No

userdom_dontaudit_search_generic_user_home_dirs(
	
		domain
		
	)

Summary

Don't audit search on the user home subdirectory.

Parameters

Parameter:	Description:	Optional:
domain	Domain allowed access.	No

userdom_dontaudit_search_staff_home_dirs(
	
		domain
		
	)

Summary

Do not audit attempts to search the staff users home directory.

Parameters

Parameter:	Description:	Optional:
domain	Domain to not audit.	No

userdom_dontaudit_search_sysadm_home_dirs(
	
		domain
		
	)

Summary

Do not audit attempts to search the sysadm users home directory.

Parameters

Parameter:	Description:	Optional:
domain	Domain to not audit.	No

userdom_dontaudit_use_all_users_fds(
	
		domain
		
	)

Summary

Do not audit attempts to inherit the file descriptors from any user domains.

Parameters

Parameter:	Description:	Optional:
domain	Domain to not audit.	No

userdom_dontaudit_use_sysadm_ptys(
	
		domain
		
	)

Summary

Dont audit attempts to read and write sysadm ptys.

Parameters

Parameter:	Description:	Optional:
domain	Domain to not audit.	No

userdom_dontaudit_use_sysadm_terms(
	
		domain
		
	)

Summary

Do not audit attempts to use sysadm ttys and ptys.

Parameters

Parameter:	Description:	Optional:
domain	Domain to not audit.	No

userdom_dontaudit_use_sysadm_ttys(
	
		domain
		
	)

Summary

Do not audit attempts to use sysadm ttys.

Parameters

Parameter:	Description:	Optional:
domain	Domain to not audit.	No

userdom_dontaudit_use_unpriv_user_fds(
	
		domain
		
	)

Summary

Do not audit attempts to inherit the file descriptors from all user domains.

Parameters

Parameter:	Description:	Optional:
domain	Domain allowed access.	No

userdom_dontaudit_use_unpriv_users_ptys(
	
		domain
		
	)

Summary

Do not audit attempts to use unprivileged user ptys.

Parameters

Parameter:	Description:	Optional:
domain	Domain to not audit.	No

userdom_dontaudit_use_unpriv_users_ttys(
	
		domain
		
	)

Summary

Do not audit attempts to use unprivileged user ttys.

Parameters

Parameter:	Description:	Optional:
domain	Domain allowed access.	No

userdom_entry_spec_domtrans_sysadm(
	
		domain
		
	)

Summary

Execute all entrypoint files in the sysadm domain. This is an explicit transition, requiring the caller to use setexeccon().

Parameters

Parameter:	Description:	Optional:
domain	Domain allowed access.	No

userdom_entry_spec_domtrans_unpriv_users(
	
		domain
		
	)

Summary

Execute all entrypoint files in unprivileged user domains. This is an explicit transition, requiring the caller to use setexeccon().

Parameters

Parameter:	Description:	Optional:
domain	Domain allowed access.	No

userdom_generic_user_home_dir_filetrans_generic_user_home_content(
	
		domain
		
			,
		
		object_class
		
	)

Summary

Create objects in generic user home directories with automatic file type transition.

Parameters

Parameter:	Description:	Optional:
domain	Domain allowed access.	No
object_class	The class of the object to be created. If not specified, file is used.	No

userdom_getattr_all_users(
	
		domain
		
	)

Summary

Get the attributes of all user domains.

Parameters

Parameter:	Description:	Optional:
domain	Domain allowed access.	No

userdom_getattr_sysadm_home_dirs(
	
		domain
		
	)

Summary

Get the attributes of the sysadm users home directory.

Parameters

Parameter:	Description:	Optional:
domain	Domain allowed access.	No

userdom_home_filetrans_generic_user_home_dir(
	
		domain
		
	)

Summary

Create generic user home directories with automatic file type transition.

Parameters

Parameter:	Description:	Optional:
domain	Domain allowed access.	No

userdom_list_all_users_home_dirs(
	
		domain
		
	)

Summary

List all users home directories.

Parameters

Parameter:	Description:	Optional:
domain	Domain allowed access.	No

userdom_list_sysadm_home_dirs(
	
		domain
		
	)

Summary

List the sysadm users home directory.

Parameters

Parameter:	Description:	Optional:
domain	Domain allowed access.	No

userdom_list_unpriv_users_tmp(
	
		domain
		
	)

Summary

Read all unprivileged users temporary directories.

Parameters

Parameter:	Description:	Optional:
domain	Domain allowed access.	No

userdom_manage_all_users_home_content_dirs(
	
		domain
		
	)

Summary

Create, read, write, and delete all directories in all users home directories.

Parameters

Parameter:	Description:	Optional:
domain	Domain allowed access.	No

userdom_manage_all_users_home_content_files(
	
		domain
		
	)

Summary

Create, read, write, and delete all files in all users home directories.

Parameters

Parameter:	Description:	Optional:
domain	Domain allowed access.	No

userdom_manage_all_users_home_content_symlinks(
	
		domain
		
	)

Summary

Create, read, write, and delete all symlinks in all users home directories.

Parameters

Parameter:	Description:	Optional:
domain	Domain allowed access.	No

userdom_manage_generic_user_home_content_dirs(
	
		domain
		
	)

Summary

Create, read, write, and delete subdirectories of generic user home directories.

Parameters

Parameter:	Description:	Optional:
domain	Domain allowed access.	No

userdom_manage_generic_user_home_content_files(
	
		domain
		
	)

Summary

Create, read, write, and delete files in generic user home directories.

Parameters

Parameter:	Description:	Optional:
domain	Domain allowed access.	No

userdom_manage_generic_user_home_content_pipes(
	
		domain
		
	)

Summary

Create, read, write, and delete named pipes in generic user home directories.

Parameters

Parameter:	Description:	Optional:
domain	Domain allowed access.	No

userdom_manage_generic_user_home_content_sockets(
	
		domain
		
	)

Summary

Create, read, write, and delete named sockets in generic user home directories.

Parameters

Parameter:	Description:	Optional:
domain	Domain allowed access.	No

userdom_manage_generic_user_home_content_symlinks(
	
		domain
		
	)

Summary

Create, read, write, and delete symbolic links in generic user home directories.

Parameters

Parameter:	Description:	Optional:
domain	Domain allowed access.	No

userdom_manage_unpriv_user_semaphores(
	
		domain
		
	)

Summary

Manage unpriviledged user SysV sempaphores.

Parameters

Parameter:	Description:	Optional:
domain	Domain allowed access.	No

userdom_manage_unpriv_user_shared_mem(
	
		domain
		
	)

Summary

Manage unpriviledged user SysV shared memory segments.

Parameters

Parameter:	Description:	Optional:
domain	Domain allowed access.	No

userdom_priveleged_home_dir_manager(
	
		domain
		
	)

Summary

Make the specified domain a privileged home directory manager.

Description

Make the specified domain a privileged home directory manager. This domain will be able to manage the contents of all users general home directory content, and create files with the correct context.

Parameters

Parameter:	Description:	Optional:
domain	Domain allowed access.	No

userdom_read_all_tmp_untrusted_content(
	
		domain
		
	)

Summary

Read all user temporary untrusted content files.

Parameters

Parameter:	Description:	Optional:
domain	Domain allowed access.	No

userdom_read_all_untrusted_content(
	
		domain
		
	)

Summary

Read all user untrusted content files.

Parameters

Parameter:	Description:	Optional:
domain	Domain allowed access.	No

userdom_read_all_users_home_content_files(
	
		domain
		
	)

Summary

Read all files in all users home directories.

Parameters

Parameter:	Description:	Optional:
domain	Domain allowed access.	No

userdom_read_all_users_state(
	
		domain
		
	)

Summary

Read the process state of all user domains.

Parameters

Parameter:	Description:	Optional:
domain	Domain allowed access.	No

userdom_read_staff_home_content_files(
	
		domain
		
	)

Summary

Read files in the staff users home directory.

Parameters

Parameter:	Description:	Optional:
domain	Domain allowed access.	No

userdom_read_sysadm_home_content_files(
	
		domain
		
	)

Summary

Read files in the sysadm users home directory.

Parameters

Parameter:	Description:	Optional:
domain	Domain allowed access.	No

userdom_read_unpriv_users_home_content_files(
	
		domain
		
	)

Summary

Read all unprivileged users home directory files.

Parameters

Parameter:	Description:	Optional:
domain	Domain allowed access.	No

userdom_read_unpriv_users_tmp_files(
	
		domain
		
	)

Summary

Read all unprivileged users temporary files.

Parameters

Parameter:	Description:	Optional:
domain	Domain allowed access.	No

userdom_read_unpriv_users_tmp_symlinks(
	
		domain
		
	)

Summary

Read all unprivileged users temporary symbolic links.

Parameters

Parameter:	Description:	Optional:
domain	Domain allowed access.	No

userdom_relabelto_unpriv_users_ptys(
	
		domain
		
	)

Summary

Relabel files to unprivileged user pty types.

Parameters

Parameter:	Description:	Optional:
domain	Domain allowed access.	No

userdom_rw_sysadm_pipes(
	
		domain
		
	)

Summary

Read and write sysadm user unnamed pipes.

Parameters

Parameter:	Description:	Optional:
domain	Domain allowed access.	No

userdom_sbin_spec_domtrans_sysadm(
	
		domain
		
	)

Summary

Execute a generic sbin program in the sysadm domain.

Parameters

Parameter:	Description:	Optional:
domain	Domain allowed access.	No

userdom_sbin_spec_domtrans_unpriv_users(
	
		domain
		
	)

Summary

Execute generic sbin programs in all unprivileged user domains. This is an explicit transition, requiring the caller to use setexeccon().

Parameters

Parameter:	Description:	Optional:
domain	Domain allowed access.	No

userdom_search_all_users_home_content(
	
		domain
		
	)

Summary

Search all users home directories.

Parameters

Parameter:	Description:	Optional:
domain	Domain allowed access.	No

userdom_search_generic_user_home_dirs(
	
		domain
		
	)

Summary

Search generic user home directories.

Parameters

Parameter:	Description:	Optional:
domain	Domain allowed access.	No

userdom_search_staff_home_dirs(
	
		domain
		
	)

Summary

Search the staff users home directory.

Parameters

Parameter:	Description:	Optional:
domain	Domain allowed access.	No

userdom_search_sysadm_home_content_dirs(
	
		domain
		
	)

Summary

Search the sysadm users home sub directories.

Parameters

Parameter:	Description:	Optional:
domain	Domain to not audit.	No

userdom_search_sysadm_home_dirs(
	
		domain
		
	)

Summary

Search the sysadm users home directory.

Parameters

Parameter:	Description:	Optional:
domain	Domain to not audit.	No

userdom_search_unpriv_users_home_dirs(
	
		domain
		
	)

Summary

Search all unprivileged users home directories.

Parameters

Parameter:	Description:	Optional:
domain	Domain allowed access.	No

userdom_setattr_unpriv_users_ptys(
	
		domain
		
	)

Summary

Set the attributes of user ptys.

Parameters

Parameter:	Description:	Optional:
domain	Domain allowed access.	No

userdom_shell_domtrans_sysadm(
	
		domain
		
	)

Summary

Execute a shell in the sysadm domain.

Parameters

Parameter:	Description:	Optional:
domain	Domain allowed access.	No

userdom_sigchld_all_users(
	
		domain
		
	)

Summary

Send a SIGCHLD signal to all user domains.

Parameters

Parameter:	Description:	Optional:
domain	Domain allowed access.	No

userdom_sigchld_sysadm(
	
		domain
		
	)

Summary

Send a SIGCHLD signal to sysadm users.

Parameters

Parameter:	Description:	Optional:
domain	Domain allowed access.	No

userdom_signal_all_users(
	
		domain
		
	)

Summary

Send general signals to all user domains.

Parameters

Parameter:	Description:	Optional:
domain	Domain allowed access.	No

userdom_signal_unpriv_users(
	
		domain
		
	)

Summary

Send general signals to unprivileged user domains.

Parameters

Parameter:	Description:	Optional:
domain	Domain allowed access.	No

userdom_spec_domtrans_all_users(
	
		domain
		
	)

Summary

Execute a shell in all user domains. This is an explicit transition, requiring the caller to use setexeccon().

Parameters

Parameter:	Description:	Optional:
domain	Domain allowed access.	No

userdom_spec_domtrans_unpriv_users(
	
		domain
		
	)

Summary

Execute a shell in all unprivileged user domains. This is an explicit transition, requiring the caller to use setexeccon().

Parameters

Parameter:	Description:	Optional:
domain	Domain allowed access.	No

userdom_sysadm_home_dir_filetrans(
	
		domain
		
			,
		
		private type
		
			,
		
		object_class
		
	)

Summary

Create objects in sysadm home directories with automatic file type transition.

Parameters

Parameter:	Description:	Optional:
domain	Domain allowed access.	No
private type	The type of the object to be created.	No
object_class	The class of the object to be created. If not specified, file is used.	No

userdom_unconfined(
	
		domain
		
	)

Summary

Unconfined access to user domains.

Parameters

Parameter:	Description:	Optional:
domain	Domain allowed access.	No

userdom_use_all_users_fds(
	
		domain
		
	)

Summary

Inherit the file descriptors from all user domains

Parameters

Parameter:	Description:	Optional:
domain	Domain allowed access.	No

userdom_use_sysadm_fds(
	
		domain
		
	)

Summary

Inherit and use sysadm file descriptors

Parameters

Parameter:	Description:	Optional:
domain	Domain allowed access.	No

userdom_use_sysadm_ptys(
	
		domain
		
	)

Summary

Read and write sysadm ptys.

Parameters

Parameter:	Description:	Optional:
domain	Domain allowed access.	No

userdom_use_sysadm_terms(
	
		domain
		
	)

Summary

Read and write sysadm ttys and ptys.

Parameters

Parameter:	Description:	Optional:
domain	Domain allowed access.	No

userdom_use_sysadm_ttys(
	
		domain
		
	)

Summary

Read and write sysadm ttys.

Parameters

Parameter:	Description:	Optional:
domain	Domain allowed access.	No

userdom_use_unpriv_users_fds(
	
		domain
		
	)

Summary

Inherit the file descriptors from unprivileged user domains.

Parameters

Parameter:	Description:	Optional:
domain	Domain allowed access.	No

userdom_use_unpriv_users_ptys(
	
		domain
		
	)

Summary

Read and write unprivileged user ptys.

Parameters

Parameter:	Description:	Optional:
domain	Domain allowed access.	No

userdom_write_unpriv_users_tmp_files(
	
		domain
		
	)

Summary

Write all unprivileged users files in /tmp

Parameters

Parameter:	Description:	Optional:
domain	Domain allowed access.	No

userdom_xsession_spec_domtrans_all_users(
	
		domain
		
	)

Summary

Execute an Xserver session in all unprivileged user domains. This is an explicit transition, requiring the caller to use setexeccon().

Parameters

Parameter:	Description:	Optional:
domain	Domain allowed access.	No

userdom_xsession_spec_domtrans_unpriv_users(
	
		domain
		
	)

Summary

Execute an Xserver session in all unprivileged user domains. This is an explicit transition, requiring the caller to use setexeccon().

Parameters

Parameter:	Description:	Optional:
domain	Domain allowed access.	No

Return

Templates:

admin_user_template(
	
		userdomain_prefix
		
	)

Summary

The template for creating an administrative user.

Description

This template creates a user domain, types, and rules for the user's tty, pty, home directories, tmp, and tmpfs files.

The privileges given to administrative users are:

Raw disk access

Set all sysctls

All kernel ring buffer controls

Set SELinux enforcement mode (enforcing/permissive)

Set SELinux booleans

Relabel all files but shadow

Create, read, write, and delete all files but shadow

Manage source and binary format SELinux policy

Run insmod

Parameters

Parameter:	Description:	Optional:
userdomain_prefix	The prefix of the user domain (e.g., sysadm is the prefix for sysadm_t).	No

base_user_template(
	
		userdomain_prefix
		
	)

Summary

The template containing rules common to unprivileged users and administrative users.

Description

This template creates a user domain, types, and rules for the user's tty, pty, home directories, tmp, and tmpfs files.

This generally should not be used, rather the unpriv_user_template or admin_user_template should be used.

Parameters

Parameter:	Description:	Optional:
userdomain_prefix	The prefix of the user domain (e.g., user is the prefix for user_t).	No

unpriv_user_template(
	
		userdomain_prefix
		
	)

Summary

The template for creating a unprivileged user.

Description

This template creates a user domain, types, and rules for the user's tty, pty, home directories, tmp, and tmpfs files.

Parameters

Parameter:	Description:	Optional:
userdomain_prefix	The prefix of the user domain (e.g., user is the prefix for user_t).	No

userdom_create_user_pty(
	
		userdomain_prefix
		
			,
		
		domain
		
	)

Summary

Create a user pty.

Description

Create a user pty.

This is a templated interface, and should only be called from a per-userdomain template.

Parameters

Parameter:	Description:	Optional:
userdomain_prefix	The prefix of the user domain (e.g., user is the prefix for user_t).	No
domain	Domain allowed access.	No

userdom_dontaudit_append_user_tmp_files(
	
		userdomain_prefix
		
			,
		
		domain
		
	)

Summary

Do not audit attempts to append users temporary files.

Description

Do not audit attempts to append users temporary files.

This is a templated interface, and should only be called from a per-userdomain template.

Parameters

Parameter:	Description:	Optional:
userdomain_prefix	The prefix of the user domain (e.g., user is the prefix for user_t).	No
domain	Domain to not audit.	No

userdom_dontaudit_exec_user_home_content_files(
	
		userdomain_prefix
		
			,
		
		domain
		
	)

Summary

Do not audit attempts to execute user home files.

Description

Do not audit attempts to execute user home files.

This is a templated interface, and should only be called from a per-userdomain template.

Parameters

Parameter:	Description:	Optional:
userdomain_prefix	The prefix of the user domain (e.g., user is the prefix for user_t).	No
domain	Domain allowed access.	No

userdom_dontaudit_list_user_home_dirs(
	
		userdomain_prefix
		
			,
		
		domain
		
	)

Summary

Do not audit attempts to list user home subdirectories.

Description

Do not audit attempts to list user home subdirectories.

This is a templated interface, and should only be called from a per-userdomain template.

Parameters

Parameter:	Description:	Optional:
userdomain_prefix	The prefix of the user domain (e.g., user is the prefix for user_t).	No
domain	Domain to not audit	No

userdom_dontaudit_list_user_tmp(
	
		userdomain_prefix
		
			,
		
		domain
		
	)

Summary

Do not audit attempts to list user temporary directories.

Description

Do not audit attempts to list user temporary directories.

This is a templated interface, and should only be called from a per-userdomain template.

Parameters

Parameter:	Description:	Optional:
userdomain_prefix	The prefix of the user domain (e.g., user is the prefix for user_t).	No
domain	Domain to not audit.	No

userdom_dontaudit_list_user_tmp_untrusted_content(
	
		userdomain_prefix
		
			,
		
		domain
		
	)

Summary

Do not audit attempts to list user temporary untrusted directories.

Description

Do not audit attempts to list user temporary directories.

This is a templated interface, and should only be called from a per-userdomain template.

Parameters

Parameter:	Description:	Optional:
userdomain_prefix	The prefix of the user domain (e.g., user is the prefix for user_t).	No
domain	Domain to not audit.	No

userdom_dontaudit_list_user_untrusted_content(
	
		userdomain_prefix
		
			,
		
		domain
		
	)

Summary

Do not audit attempts to list user untrusted directories.

Description

Do not audit attempts to read user untrusted directories.

This is a templated interface, and should only be called from a per-userdomain template.

Parameters

Parameter:	Description:	Optional:
userdomain_prefix	The prefix of the user domain (e.g., user is the prefix for user_t).	No
domain	Domain to not audit.	No

userdom_dontaudit_read_user_home_content_files(
	
		userdomain_prefix
		
			,
		
		domain
		
	)

Summary

Do not audit attempts to read user home files.

Description

Do not audit attempts to read user home files.

This is a templated interface, and should only be called from a per-userdomain template.

Parameters

Parameter:	Description:	Optional:
userdomain_prefix	The prefix of the user domain (e.g., user is the prefix for user_t).	No
domain	Domain to not audit.	No

userdom_dontaudit_read_user_tmp_files(
	
		userdomain_prefix
		
			,
		
		domain
		
	)

Summary

Do not audit attempts to read users temporary files.

Description

Do not audit attempts to read users temporary files.

This is a templated interface, and should only be called from a per-userdomain template.

Parameters

Parameter:	Description:	Optional:
userdomain_prefix	The prefix of the user domain (e.g., user is the prefix for user_t).	No
domain	Domain to not audit.	No

userdom_dontaudit_read_user_tmp_untrusted_content_files(
	
		userdomain_prefix
		
			,
		
		domain
		
	)

Summary

Do not audit attempts to read users temporary untrusted files.

Description

Do not audit attempts to read users temporary untrusted files.

This is a templated interface, and should only be called from a per-userdomain template.

Parameters

Parameter:	Description:	Optional:
userdomain_prefix	The prefix of the user domain (e.g., user is the prefix for user_t).	No
domain	Domain to not audit.	No

userdom_dontaudit_read_user_untrusted_content_files(
	
		userdomain_prefix
		
			,
		
		domain
		
	)

Summary

Do not audit attempts to read users untrusted files.

Description

Do not audit attempts to read users untrusted files.

This is a templated interface, and should only be called from a per-userdomain template.

Parameters

Parameter:	Description:	Optional:
userdomain_prefix	The prefix of the user domain (e.g., user is the prefix for user_t).	No
domain	Domain to not audit.	No

userdom_dontaudit_setattr_user_home_content_files(
	
		userdomain_prefix
		
			,
		
		domain
		
	)

Summary

Do not audit attempts to set the attributes of user home files.

Description

Do not audit attempts to set the attributes of user home files.

This is a templated interface, and should only be called from a per-userdomain template.

Parameters

Parameter:	Description:	Optional:
userdomain_prefix	The prefix of the user domain (e.g., user is the prefix for user_t).	No
domain	Domain allowed access.	No

userdom_dontaudit_use_user_terminals(
	
		userdomain_prefix
		
			,
		
		domain
		
	)

Summary

Do not audit attempts to read and write a user domain tty and pty.

Description

Do not audit attempts to read and write a user domain tty and pty.

This is a templated interface, and should only be called from a per-userdomain template.

Parameters

Parameter:	Description:	Optional:
userdomain_prefix	The prefix of the user domain (e.g., user is the prefix for user_t).	No
domain	Domain allowed access.	No

userdom_dontaudit_write_user_home_content_files(
	
		userdomain_prefix
		
			,
		
		domain
		
	)

Summary

Do not audit attempts to write user home files.

Description

Do not audit attempts to write user home files.

This is a templated interface, and should only be called from a per-userdomain template.

Parameters

Parameter:	Description:	Optional:
userdomain_prefix	The prefix of the user domain (e.g., user is the prefix for user_t).	No
domain	Domain to not audit.	No

userdom_exec_user_home_content_files(
	
		userdomain_prefix
		
			,
		
		domain
		
	)

Summary

Execute user home files.

Description

Execute user home files.

This is a templated interface, and should only be called from a per-userdomain template.

Parameters

Parameter:	Description:	Optional:
userdomain_prefix	The prefix of the user domain (e.g., user is the prefix for user_t).	No
domain	Domain allowed access.	No

userdom_list_user_home_dirs(
	
		userdomain_prefix
		
			,
		
		domain
		
	)

Summary

List user home directories.

Description

List user home directories.

This is a templated interface, and should only be called from a per-userdomain template.

Parameters

Parameter:	Description:	Optional:
userdomain_prefix	The prefix of the user domain (e.g., user is the prefix for user_t).	No
domain	Domain allowed access.	No

userdom_list_user_tmp(
	
		userdomain_prefix
		
			,
		
		domain
		
	)

Summary

List user temporary directories.

Description

List user temporary directories.

This is a templated interface, and should only be called from a per-userdomain template.

Parameters

Parameter:	Description:	Optional:
userdomain_prefix	The prefix of the user domain (e.g., user is the prefix for user_t).	No
domain	Domain allowed access.	No

userdom_list_user_tmp_untrusted_content(
	
		userdomain_prefix
		
			,
		
		domain
		
	)

Summary

List users temporary untrusted directories.

Description

List users temporary untrusted directories.

This is a templated interface, and should only be called from a per-userdomain template.

Parameters

Parameter:	Description:	Optional:
userdomain_prefix	The prefix of the user domain (e.g., user is the prefix for user_t).	No
domain	Domain allowed access.	No

userdom_list_user_untrusted_content(
	
		userdomain_prefix
		
			,
		
		domain
		
	)

Summary

List users untrusted directories.

Description

List users untrusted directories.

This is a templated interface, and should only be called from a per-userdomain template.

Parameters

Parameter:	Description:	Optional:
userdomain_prefix	The prefix of the user domain (e.g., user is the prefix for user_t).	No
domain	Domain allowed access.	No

userdom_manage_user_home_content_dirs(
	
		userdomain_prefix
		
			,
		
		domain
		
	)

Summary

Create, read, write, and delete directories in a user home subdirectory.

Description

Create, read, write, and delete directories in a user home subdirectory.

This is a templated interface, and should only be called from a per-userdomain template.

Parameters

Parameter:	Description:	Optional:
userdomain_prefix	The prefix of the user domain (e.g., user is the prefix for user_t).	No
domain	Domain allowed access.	No

userdom_manage_user_home_content_files(
	
		userdomain_prefix
		
			,
		
		domain
		
	)

Summary

Create, read, write, and delete files in a user home subdirectory.

Description

Create, read, write, and delete files in a user home subdirectory.

This is a templated interface, and should only be called from a per-userdomain template.

Parameters

Parameter:	Description:	Optional:
userdomain_prefix	The prefix of the user domain (e.g., user is the prefix for user_t).	No
domain	Domain allowed access.	No

userdom_manage_user_home_content_pipes(
	
		userdomain_prefix
		
			,
		
		domain
		
	)

Summary

Create, read, write, and delete named pipes in a user home subdirectory.

Description

Create, read, write, and delete named pipes in a user home subdirectory.

This is a templated interface, and should only be called from a per-userdomain template.

Parameters

Parameter:	Description:	Optional:
userdomain_prefix	The prefix of the user domain (e.g., user is the prefix for user_t).	No
domain	Domain allowed access.	No

userdom_manage_user_home_content_sockets(
	
		userdomain_prefix
		
			,
		
		domain
		
	)

Summary

Create, read, write, and delete named sockets in a user home subdirectory.

Description

Create, read, write, and delete named sockets in a user home subdirectory.

This is a templated interface, and should only be called from a per-userdomain template.

Parameters

Parameter:	Description:	Optional:
userdomain_prefix	The prefix of the user domain (e.g., user is the prefix for user_t).	No
domain	Domain allowed access.	No

userdom_manage_user_home_content_symlinks(
	
		userdomain_prefix
		
			,
		
		domain
		
	)

Summary

Create, read, write, and delete symbolic links in a user home subdirectory.

Description

Create, read, write, and delete symbolic links in a user home subdirectory.

This is a templated interface, and should only be called from a per-userdomain template.

Parameters

Parameter:	Description:	Optional:
userdomain_prefix	The prefix of the user domain (e.g., user is the prefix for user_t).	No
domain	Domain allowed access.	No

userdom_manage_user_tmp_dirs(
	
		userdomain_prefix
		
			,
		
		domain
		
	)

Summary

Create, read, write, and delete user temporary directories.

Description

Create, read, write, and delete user temporary directories.

This is a templated interface, and should only be called from a per-userdomain template.

Parameters

Parameter:	Description:	Optional:
userdomain_prefix	The prefix of the user domain (e.g., user is the prefix for user_t).	No
domain	Domain allowed access.	No

userdom_manage_user_tmp_files(
	
		userdomain_prefix
		
			,
		
		domain
		
	)

Summary

Create, read, write, and delete user temporary files.

Description

Create, read, write, and delete user temporary files.

This is a templated interface, and should only be called from a per-userdomain template.

Parameters

Parameter:	Description:	Optional:
userdomain_prefix	The prefix of the user domain (e.g., user is the prefix for user_t).	No
domain	Domain allowed access.	No

userdom_manage_user_tmp_pipes(
	
		userdomain_prefix
		
			,
		
		domain
		
	)

Summary

Create, read, write, and delete user temporary named pipes.

Description

Create, read, write, and delete user temporary named pipes.

This is a templated interface, and should only be called from a per-userdomain template.

Parameters

Parameter:	Description:	Optional:
userdomain_prefix	The prefix of the user domain (e.g., user is the prefix for user_t).	No
domain	Domain allowed access.	No

userdom_manage_user_tmp_sockets(
	
		userdomain_prefix
		
			,
		
		domain
		
	)

Summary

Create, read, write, and delete user temporary named sockets.

Description

Create, read, write, and delete user temporary named sockets.

This is a templated interface, and should only be called from a per-userdomain template.

Parameters

Parameter:	Description:	Optional:
userdomain_prefix	The prefix of the user domain (e.g., user is the prefix for user_t).	No
domain	Domain allowed access.	No

userdom_manage_user_tmp_symlinks(
	
		userdomain_prefix
		
			,
		
		domain
		
	)

Summary

Create, read, write, and delete user temporary symbolic links.

Description

Create, read, write, and delete user temporary symbolic links.

This is a templated interface, and should only be called from a per-userdomain template.

Parameters

Parameter:	Description:	Optional:
userdomain_prefix	The prefix of the user domain (e.g., user is the prefix for user_t).	No
domain	Domain allowed access.	No

userdom_read_user_home_content_files(
	
		userdomain_prefix
		
			,
		
		domain
		
	)

Summary

Read user home files.

Description

Read user home files.

This is a templated interface, and should only be called from a per-userdomain template.

Parameters

Parameter:	Description:	Optional:
userdomain_prefix	The prefix of the user domain (e.g., user is the prefix for user_t).	No
domain	Domain allowed access.	No

userdom_read_user_home_content_symlinks(
	
		userdomain_prefix
		
			,
		
		domain
		
	)

Summary

Read user home subdirectory symbolic links.

Description

Read user home subdirectory symbolic links.

This is a templated interface, and should only be called from a per-userdomain template.

Parameters

Parameter:	Description:	Optional:
userdomain_prefix	The prefix of the user domain (e.g., user is the prefix for user_t).	No
domain	Domain allowed access.	No

userdom_read_user_tmp_files(
	
		userdomain_prefix
		
			,
		
		domain
		
	)

Summary

Read user temporary files.

Description

Read user temporary files.

This is a templated interface, and should only be called from a per-userdomain template.

Parameters

Parameter:	Description:	Optional:
userdomain_prefix	The prefix of the user domain (e.g., user is the prefix for user_t).	No
domain	Domain allowed access.	No

userdom_read_user_tmp_symlinks(
	
		userdomain_prefix
		
			,
		
		domain
		
	)

Summary

Read user temporary symbolic links.

Description

Read user temporary symbolic links.

This is a templated interface, and should only be called from a per-userdomain template.

Parameters

Parameter:	Description:	Optional:
userdomain_prefix	The prefix of the user domain (e.g., user is the prefix for user_t).	No
domain	Domain allowed access.	No

userdom_read_user_tmp_untrusted_content_files(
	
		userdomain_prefix
		
			,
		
		domain
		
	)

Summary

Read user temporary untrusted files.

Description

Read user temporary untrusted files.

This is a templated interface, and should only be called from a per-userdomain template.

Parameters

Parameter:	Description:	Optional:
userdomain_prefix	The prefix of the user domain (e.g., user is the prefix for user_t).	No
domain	Domain allowed access.	No

userdom_read_user_tmp_untrusted_content_symlinks(
	
		userdomain_prefix
		
			,
		
		domain
		
	)

Summary

Read user temporary untrusted symbolic links.

Description

Read user temporary untrusted symbolic links.

This is a templated interface, and should only be called from a per-userdomain template.

Parameters

Parameter:	Description:	Optional:
userdomain_prefix	The prefix of the user domain (e.g., user is the prefix for user_t).	No
domain	Domain allowed access.	No

userdom_read_user_untrusted_content_files(
	
		userdomain_prefix
		
			,
		
		domain
		
	)

Summary

Read user untrusted files.

Description

Read user untrusted files.

This is a templated interface, and should only be called from a per-userdomain template.

Parameters

Parameter:	Description:	Optional:
userdomain_prefix	The prefix of the user domain (e.g., user is the prefix for user_t).	No
domain	Domain allowed access.	No

userdom_read_user_untrusted_content_symlinks(
	
		userdomain_prefix
		
			,
		
		domain
		
	)

Summary

Read user untrusted symbolic links.

Description

Read user untrusted symbolic links.

This is a templated interface, and should only be called from a per-userdomain template.

Parameters

Parameter:	Description:	Optional:
userdomain_prefix	The prefix of the user domain (e.g., user is the prefix for user_t).	No
domain	Domain allowed access.	No

userdom_rw_user_tmp_files(
	
		userdomain_prefix
		
			,
		
		domain
		
	)

Summary

Read and write user temporary files.

Description

Read and write user temporary files.

This is a templated interface, and should only be called from a per-userdomain template.

Parameters

Parameter:	Description:	Optional:
userdomain_prefix	The prefix of the user domain (e.g., user is the prefix for user_t).	No
domain	Domain allowed access.	No

userdom_rw_user_tmpfs_files(
	
		userdomain_prefix
		
			,
		
		domain
		
	)

Summary

Read user tmpfs files.

Description

Read user tmpfs files.

This is a templated interface, and should only be called from a per-userdomain template.

Parameters

Parameter:	Description:	Optional:
userdomain_prefix	The prefix of the user domain (e.g., user is the prefix for user_t).	No
domain	Domain allowed access.	No

userdom_search_user_home_dirs(
	
		userdomain_prefix
		
			,
		
		domain
		
	)

Summary

Search user home directories.

Description

Search user home directories.

This is a templated interface, and should only be called from a per-userdomain template.

Parameters

Parameter:	Description:	Optional:
userdomain_prefix	The prefix of the user domain (e.g., user is the prefix for user_t).	No
domain	Domain allowed access.	No

userdom_setattr_user_ptys(
	
		userdomain_prefix
		
			,
		
		domain
		
	)

Summary

Set the attributes of a user pty.

Description

Set the attributes of a user pty.

This is a templated interface, and should only be called from a per-userdomain template.

Parameters

Parameter:	Description:	Optional:
userdomain_prefix	The prefix of the user domain (e.g., user is the prefix for user_t).	No
domain	Domain allowed access.	No

userdom_setattr_user_ttys(
	
		userdomain_prefix
		
			,
		
		domain
		
	)

Summary

Set the attributes of a user domain tty.

Description

Set the attributes of a user domain tty.

This is a templated interface, and should only be called from a per-userdomain template.

Parameters

Parameter:	Description:	Optional:
userdomain_prefix	The prefix of the user domain (e.g., user is the prefix for user_t).	No
domain	Domain allowed access.	No

userdom_use_user_terminals(
	
		userdomain_prefix
		
			,
		
		domain
		
	)

Summary

Read and write a user domain tty and pty.

Description

Read and write a user domain tty and pty.

This is a templated interface, and should only be called from a per-userdomain template.

Parameters

Parameter:	Description:	Optional:
userdomain_prefix	The prefix of the user domain (e.g., user is the prefix for user_t).	No
domain	Domain allowed access.	No

userdom_use_user_ttys(
	
		userdomain_prefix
		
			,
		
		domain
		
	)

Summary

Read and write a user domain tty.

Description

Read and write a user domain tty.

This is a templated interface, and should only be called from a per-userdomain template.

Parameters

Parameter:	Description:	Optional:
userdomain_prefix	The prefix of the user domain (e.g., user is the prefix for user_t).	No
domain	Domain allowed access.	No

userdom_user_home_content(
	
		userdomain_prefix
		
			,
		
		type
		
	)

Summary

Make the specified type usable in a user home directory.

Description

Make the specified type usable in a user home directory.

This is a templated interface, and should only be called from a per-userdomain template.

Parameters

Parameter:	Description:	Optional:
userdomain_prefix	The prefix of the user domain (e.g., user is the prefix for user_t).	No
type	Type to be used as a file in the user home directory.	No

userdom_user_home_dir_filetrans(
	
		userdomain_prefix
		
			,
		
		domain
		
			,
		
		private_type
		
			,
		
		object_class
		
	)

Summary

Create objects in a user home directory with an automatic type transition to a specified private type.

Description

Create objects in a user home directory with an automatic type transition to a specified private type.

This is a templated interface, and should only be called from a per-userdomain template.

Parameters

Parameter:	Description:	Optional:
userdomain_prefix	The prefix of the user domain (e.g., user is the prefix for user_t).	No
domain	Domain allowed access.	No
private_type	The type of the object to create.	No
object_class	The class of the object to be created. If not specified, file is used.	No

userdom_user_home_dir_filetrans_user_home_content(
	
		userdomain_prefix
		
			,
		
		domain
		
			,
		
		object_class
		
	)

Summary

Create objects in a user home directory with an automatic type transition to the user home file type.

Description

Create objects in a user home directory with an automatic type transition to the user home file type.

This is a templated interface, and should only be called from a per-userdomain template.

Parameters

Parameter:	Description:	Optional:
userdomain_prefix	The prefix of the user domain (e.g., user is the prefix for user_t).	No
domain	Domain allowed access.	No
object_class	The class of the object to be created. If not specified, file is used.	No

userdom_user_home_domtrans(
	
		userdomain_prefix
		
			,
		
		source_domain
		
			,
		
		target_domain
		
	)

Summary

Do a domain transition to the specified domain when executing a program in the user home directory.

Description

Do a domain transition to the specified domain when executing a program in the user home directory.

No interprocess communication (signals, pipes, etc.) is provided by this interface since the domains are not owned by this module.

This is a templated interface, and should only be called from a per-userdomain template.

Parameters

Parameter:	Description:	Optional:
userdomain_prefix	The prefix of the user domain (e.g., user is the prefix for user_t).	No
source_domain	Domain allowed access.	No
target_domain	Domain to transition to.	No

userdom_write_user_tmp_sockets(
	
		userdomain_prefix
		
			,
		
		domain
		
	)

Summary

Write to user temporary named sockets.

Description

Write to user temporary named sockets.

This is a templated interface, and should only be called from a per-userdomain template.

Parameters

Parameter:	Description:	Optional:
userdomain_prefix	The prefix of the user domain (e.g., user is the prefix for user_t).	No
domain	Domain allowed access.	No

Return