Layer: kernel

Module: storage

Description:

Policy controlling access to storage devices

Interfaces:

storage_create_fixed_disk( domain )
Summary

Create block devices in /dev with the fixed disk type.

Parameters
Parameter | Description | Optional
domain | The type of the process performing this action. | No
storage_create_fixed_disk_tmpfs( domain )
Summary

Create fixed disk device nodes on a tmpfs filesystem.

Parameters
Parameter | Description | Optional
domain | The type of the process performing this action. | No
storage_dontaudit_getattr_fixed_disk( domain )
Summary

Do not audit attempts made by the caller to get the attributes of fixed disk device nodes.

Parameters
Parameter | Description | Optional
domain | The type of the process to not audit. | No
storage_dontaudit_getattr_removable_device( domain )
Summary

Do not audit attempts made by the caller to get the attributes of removable device nodes.

Parameters
Parameter | Description | Optional
domain | The type of the process to not audit. | No
storage_dontaudit_read_fixed_disk( domain )
Summary

Do not audit attempts made by the caller to read fixed disk device nodes.

Parameters
Parameter | Description | Optional
domain | The type of the process to not audit. | No
storage_dontaudit_read_removable_device( domain )
Summary

Do not audit attempts made by the caller to read removable device nodes.

Parameters
Parameter | Description | Optional
domain | The type of the process to not audit. | No
storage_dontaudit_setattr_fixed_disk( domain )
Summary

Do not audit attempts made by the caller to set the attributes of fixed disk device nodes.

Parameters
Parameter | Description | Optional
domain | The type of the process to not audit. | No
storage_dontaudit_setattr_removable_device( domain )
Summary

Do not audit attempts made by the caller to set the attributes of removable device nodes.

Parameters
Parameter | Description | Optional
domain | The type of the process to not audit. | No
storage_getattr_fixed_disk( domain )
Summary

Allow the caller to get the attributes of fixed disk device nodes.

Parameters
Parameter | Description | Optional
domain | The type of the process performing this action. | No
storage_getattr_removable_device( domain )
Summary

Allow the caller to get the attributes of removable device nodes.

Parameters
Parameter | Description | Optional
domain | The type of the process performing this action. | No
storage_getattr_scsi_generic( domain )
Summary

Allow the caller to get the attributes of the generic SCSI interface device nodes.

Parameters
Parameter | Description | Optional
domain | The type of the process performing this action. | No
storage_getattr_scsi_generic( domain )
Summary

Get attributes of the device nodes for the SCSI generic interface.

Parameters
Parameter | Description | Optional
domain | The type of the process performing this action. | No
storage_getattr_tape_device( domain )
Summary

Allow the caller to get the attributes of device nodes of tape devices.

Parameters
Parameter | Description | Optional
domain | The type of the process performing this action. | No
storage_manage_fixed_disk( domain )
Summary

Create, read, write, and delete fixed disk device nodes.

Parameters
Parameter | Description | Optional
domain | The type of the process performing this action. | No
storage_raw_read_fixed_disk( domain )
Summary

Allow the caller to directly read from a fixed disk. This is extremely dangerous as it can bypass the SELinux protections for filesystem objects, and should only be used by trusted domains.

Parameters
Parameter | Description | Optional
domain | The type of the process performing this action. | No
storage_raw_read_lvm_volume( domain )
Summary

Allow the caller to directly read from a logical volume. This is extremely dangerous as it can bypass the SELinux protections for filesystem objects, and should only be used by trusted domains.

Parameters
Parameter | Description | Optional
domain | The type of the process performing this action. | No
storage_raw_read_removable_device( domain )
Summary

Allow the caller to directly read from a removable device. This is extremely dangerous as it can bypass the SELinux protections for filesystem objects, and should only be used by trusted domains.

Parameters
Parameter | Description | Optional
domain | The type of the process performing this action. | No
storage_raw_write_fixed_disk( domain )
Summary

Allow the caller to directly write to a fixed disk. This is extremely dangerous as it can bypass the SELinux protections for filesystem objects, and should only be used by trusted domains.

Parameters
Parameter | Description | Optional
domain | The type of the process performing this action. | No
storage_raw_write_lvm_volume( domain )
Summary

Allow the caller to directly write to a logical volume. This is extremely dangerous as it can bypass the SELinux protections for filesystem objects, and should only be used by trusted domains.

Parameters
Parameter | Description | Optional
domain | The type of the process performing this action. | No
storage_raw_write_removable_device( domain )
Summary

Allow the caller to directly write to a removable device. This is extremely dangerous as it can bypass the SELinux protections for filesystem objects, and should only be used by trusted domains.

Parameters
Parameter | Description | Optional
domain | The type of the process performing this action. | No
storage_read_scsi_generic( domain )
Summary

Allow the caller to directly read, in a generic fashion, from any SCSI device. This is extremely dangerous as it can bypass the SELinux protections for filesystem objects, and should only be used by trusted domains.

Parameters
Parameter | Description | Optional
domain | The type of the process performing this action. | No
storage_read_tape_device( domain )
Summary

Allow the caller to directly read a tape device.

Parameters
Parameter | Description | Optional
domain | The type of the process performing this action. | No
storage_relabel_fixed_disk( domain )
Summary

Relabel fixed disk device nodes.

Parameters
Parameter | Description | Optional
domain | The type of the process performing this action. | No
storage_set_scsi_generic_attributes( domain )
Summary

Set attributes of the device nodes for the SCSI generic interface.

Parameters
Parameter | Description | Optional
domain | The type of the process performing this action. | No
storage_setattr_fixed_disk( domain )
Summary

Allow the caller to set the attributes of fixed disk device nodes.

Parameters
Parameter | Description | Optional
domain | The type of the process performing this action. | No
storage_setattr_removable_device( domain )
Summary

Allow the caller to set the attributes of removable device nodes.

Parameters
Parameter | Description | Optional
domain | The type of the process performing this action. | No
storage_setattr_scsi_generic( domain )
Summary

Allow the caller to set the attributes of the generic SCSI interface device nodes.

Parameters
Parameter | Description | Optional
domain | The type of the process performing this action. | No
storage_setattr_tape_device( domain )
Summary

Allow the caller to set the attributes of device nodes of tape devices.

Parameters
Parameter | Description | Optional
domain | The type of the process performing this action. | No
storage_swapon_fixed_disk( domain )
Summary

Enable a fixed disk device as swap space.

Parameters
Parameter | Description | Optional
domain | The type of the process performing this action. | No
storage_unconfined( domain )
Summary

Unconfined access to storage devices.

Parameters
Parameter | Description | Optional
domain | Domain allowed access. | No
storage_write_scsi_generic( domain )
Summary

Allow the caller to directly write, in a generic fashion, to any SCSI device. This is extremely dangerous as it can bypass the SELinux protections for filesystem objects, and should only be used by trusted domains.

Parameters
Parameter | Description | Optional
domain | The type of the process performing this action. | No
storage_write_tape_device( domain )
Summary

Allow the caller to directly write to a tape device.

Parameters
Parameter | Description | Optional
domain | The type of the process performing this action. | No
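
Added example (not part of the reference policy or of this page's original text): a small audit pass over policy source that lists which domains call the interfaces this page marks as able to bypass SELinux filesystem protections, and which domains have storage denials silenced by a dontaudit interface. The sample policy text, the domain names (backup_t, webapp_t, installer_t) and the trusted list are constructed for illustration; including storage_unconfined in the review set is this example's choice.

```python
import re

# Interfaces this page describes as able to bypass SELinux file protections.
RAW_ACCESS = {
    "storage_raw_read_fixed_disk", "storage_raw_read_lvm_volume",
    "storage_raw_read_removable_device", "storage_raw_write_fixed_disk",
    "storage_raw_write_lvm_volume", "storage_raw_write_removable_device",
    "storage_read_scsi_generic", "storage_write_scsi_generic",
}
# Added by this example: the page only calls this "unconfined access".
UNCONFINED = {"storage_unconfined"}

# Matches an interface call such as: storage_raw_read_fixed_disk( some_t )
CALL = re.compile(r"\b(storage_\w+)\s*\(\s*([^)]*?)\s*\)")

def audit(policy_text, trusted=frozenset()):
    """Return (line_no, domain, interface, severity) findings in line order."""
    findings = []
    for no, line in enumerate(policy_text.splitlines(), 1):
        code = line.split("#", 1)[0]          # drop policy comments
        for name, arg in CALL.findall(code):
            if name in RAW_ACCESS | UNCONFINED:
                sev = "expected" if arg in trusted else "review"
            elif name.startswith("storage_dontaudit_"):
                sev = "hidden-denial"         # denials for this domain are not logged
            else:
                continue                      # getattr/setattr etc. are not reported
            findings.append((no, arg, name, sev))
    return findings

# Constructed sample policy source (hypothetical domains, not from refpolicy).
SAMPLE_TE = """\
policy_module(example, 1.0)
storage_raw_read_fixed_disk(backup_t)
storage_raw_write_fixed_disk( webapp_t )   # flagged
# storage_unconfined(old_t)
storage_getattr_fixed_disk(webapp_t)
storage_dontaudit_read_fixed_disk(webapp_t)
storage_unconfined(installer_t)
"""

if __name__ == "__main__":
    for f in audit(SAMPLE_TE, trusted={"backup_t", "installer_t"}):
        print("line %d: %s calls %s [%s]" % f)
```

A "hidden-denial" finding matters during investigation: the dontaudit interfaces above suppress the audit record, so a domain probing a disk node leaves no AVC denial unless dontaudit rules are disabled.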