# # Declarations for type attributes. # # A type attribute can be used to identify a set of types with a similar # property. Each type can have any number of attributes, and each # attribute can be associated with any number of types. Attributes are # explicitly declared here, and can then be associated with particular # types in type declarations. Attribute names can then be used throughout # the configuration to express the set of types that are associated with # the attribute. Except for the MLS attributes, attributes have no implicit # meaning to SELinux. The meaning of all other attributes are completely # defined through their usage within the configuration, but should be # documented here as comments preceding the attribute declaration. ##################### # Attributes for MLS: # attribute mlsfileread; attribute mlsfilereadtoclr; attribute mlsfilewrite; attribute mlsfilewritetoclr; attribute mlsfileupgrade; attribute mlsfiledowngrade; attribute mlsnetread; attribute mlsnetreadtoclr; attribute mlsnetwrite; attribute mlsnetwritetoclr; attribute mlsnetupgrade; attribute mlsnetdowngrade; attribute mlsnetrecvall; attribute mlsipcread; attribute mlsipcreadtoclr; attribute mlsipcwrite; attribute mlsipcwritetoclr; attribute mlsprocread; attribute mlsprocreadtoclr; attribute mlsprocwrite; attribute mlsprocwritetoclr; attribute mlsprocsetsl; attribute mlsxwinread; attribute mlsxwinreadtoclr; attribute mlsxwinwrite; attribute mlsxwinwritetoclr; attribute mlsxwinupgrade; attribute mlsxwindowngrade; attribute mlstrustedobject; attribute privrangetrans; attribute mlsrangetrans; ######################### # Attributes for domains: # # The domain attribute identifies every type that can be # assigned to a process. This attribute is used in TE rules # that should be applied to all domains, e.g. permitting # init to kill all processes. attribute domain; # The daemon attribute identifies domains for system processes created via # the daemon_domain, daemon_base_domain, and init_service_domain macros. attribute daemon; # The privuser attribute identifies every domain that can # change its SELinux user identity. This attribute is used # in the constraints configuration. NOTE: This attribute # is not required for domains that merely change the Linux # uid attributes, only for domains that must change the # SELinux user identity. Also note that this attribute makes # no sense without the privrole attribute. attribute privuser; # The privrole attribute identifies every domain that can # change its SELinux role. This attribute is used in the # constraints configuration. attribute privrole; # The userspace_objmgr attribute identifies every domain # which enforces its own policy. attribute userspace_objmgr; # The priv_system_role attribute identifies every domain that can # change role from a user role to system_r role, and identity from a user # identity to system_u. It is used in the constraints configuration. attribute priv_system_role; # The privowner attribute identifies every domain that can # assign a different SELinux user identity to a file, or that # can create a file with an identity that is not the same as the # process identity. This attribute is used in the constraints # configuration. attribute privowner; # The privlog attribute identifies every domain that can # communicate with syslogd through its Unix domain socket. # There is an assertion that other domains can not do it, # and an allow rule to permit it attribute privlog; # The privmodule attribute identifies every domain that can run # modprobe, there is an assertion that other domains can not do it, # and an allow rule to permit it attribute privmodule; # The privsysmod attribute identifies every domain that can have the # sys_module capability attribute privsysmod; # The privmem attribute identifies every domain that can # access kernel memory devices. # This attribute is used in the TE assertions to verify # that such access is limited to domains that are explicitly # tagged with this attribute. attribute privmem; # The privkmsg attribute identifies every domain that can # read kernel messages (/proc/kmsg) # This attribute is used in the TE assertions to verify # that such access is limited to domains that are explicitly # tagged with this attribute. attribute privkmsg; # The privfd attribute identifies every domain that should have # file handles inherited widely (IE sshd_t and getty_t). attribute privfd; # The privhome attribute identifies every domain that can create files under # regular user home directories in the regular context (IE act on behalf of # a user in writing regular files) attribute privhome; # The auth attribute identifies every domain that needs # to read /etc/shadow, and grants the permission. attribute auth; # The auth_write attribute identifies every domain that can have write or # relabel access to /etc/shadow, but does not grant it. attribute auth_write; # The auth_chkpwd attribute identifies every system domain that can # authenticate users by running unix_chkpwd attribute auth_chkpwd; # The change_context attribute identifies setfiles_t, restorecon_t, and other # system domains that change the context of most/all files on the system attribute change_context; # The etc_writer attribute identifies every domain that can write to etc_t attribute etc_writer; # The sysctl_kernel_writer attribute identifies domains that can write to # sysctl_kernel_t, in addition the admin attribute is permitted write access attribute sysctl_kernel_writer; # the sysctl_net_writer attribute identifies domains that can write to # sysctl_net_t files. attribute sysctl_net_writer; # The sysctl_type attribute identifies every type that is assigned # to a sysctl entry. This can be used in allow rules to grant # permissions to all sysctl entries without enumerating each individual # type, but should be used with care. attribute sysctl_type; # The admin attribute identifies every administrator domain. # It is used in TE assertions when verifying that only administrator # domains have certain permissions. # This attribute is presently associated with sysadm_t and # certain administrator utility domains. # XXX The use of this attribute should be reviewed for consistency. # XXX Might want to partition into several finer-grained attributes # XXX used in different assertions within assert.te. attribute admin; # The userdomain attribute identifies every user domain, presently # user_t and sysadm_t. It is used in TE rules that should be applied # to all user domains. attribute userdomain; # for a small domain that can only be used for newrole attribute user_mini_domain; # pty for the mini domain attribute mini_pty_type; # pty created by a server such as sshd attribute server_pty; # attribute for all non-administrative devpts types attribute userpty_type; # The user_tty_type identifies every type for a tty or pty owned by an # unpriviledged user attribute user_tty_type; # The admin_tty_type identifies every type for a tty or pty owned by a # priviledged user attribute admin_tty_type; # The user_crond_domain attribute identifies every user_crond domain, presently # user_crond_t and sysadm_crond_t. It is used in TE rules that should be # applied to all user domains. attribute user_crond_domain; # The unpriv_userdomain identifies non-administrative users (default user_t) attribute unpriv_userdomain; # This attribute is for the main user home directory for unpriv users attribute user_home_dir_type; # The gphdomain attribute identifies every gnome-pty-helper derived # domain. It is used in TE rules to permit inheritance and use of # descriptors created by these domains. attribute gphdomain; # The fs_domain identifies every domain that may directly access a fixed disk attribute fs_domain; # This attribute is for all domains for the userhelper program. attribute userhelperdomain; ############################ # Attributes for file types: # # The file_type attribute identifies all types assigned to files # in persistent filesystems. It is used in TE rules to permit # the association of all such file types with persistent filesystem # types, and to permit certain domains to access all such types as # appropriate. attribute file_type; # The secure_file_type attribute identifies files # which will be treated with a higer level of security. # Most domains will be prevented from manipulating files in this domain attribute secure_file_type; # The device_type attribute identifies all types assigned to device nodes attribute device_type; # The proc_fs attribute identifies all types that may be assigned to # files under /proc. attribute proc_fs; # The dev_fs attribute identifies all types that may be assigned to # files, sockets, or pipes under /dev. attribute dev_fs; # The sysadmfile attribute identifies all types assigned to files # that should be completely accessible to administrators. It is used # in TE rules to grant such access for administrator domains. attribute sysadmfile; # The secadmfile attribute identifies all types assigned to files # that should be only accessible to security administrators. It is used # in TE rules to grant such access for security administrator domains. attribute secadmfile; # The fs_type attribute identifies all types assigned to filesystems # (not limited to persistent filesystems). # It is used in TE rules to permit certain domains to mount # any filesystem and to permit most domains to obtain the # overall filesystem statistics. attribute fs_type; # The mount_point attribute identifies all types that can serve # as a mount point (for the mount binary). It is used in the mount # policy to grant mounton permission, and in other domains to grant # getattr permission over all the mount points. attribute mount_point; # The exec_type attribute identifies all types assigned # to entrypoint executables for domains. This attribute is # used in TE rules and assertions that should be applied to all # such executables. attribute exec_type; # The tmpfile attribute identifies all types assigned to temporary # files. This attribute is used in TE rules to grant certain # domains the ability to remove all such files (e.g. init, crond). attribute tmpfile; # The user_tmpfile attribute identifies all types associated with temporary # files for unpriv_userdomain domains. attribute user_tmpfile; # for the user_xserver_tmp_t etc attribute xserver_tmpfile; # The tmpfsfile attribute identifies all types defined for tmpfs # type transitions. # It is used in TE rules to grant certain domains the ability to # access all such files. attribute tmpfsfile; # The home_type attribute identifies all types assigned to home # directories. This attribute is used in TE rules to grant certain # domains the ability to access all home directory types. attribute home_type; # This attribute is for the main user home directory /home/user, to # distinguish it from sub-dirs. Often you want a process to be able to # read the user home directory but not read the regular directories under it. attribute home_dir_type; # The ttyfile attribute identifies all types assigned to ttys. # It is used in TE rules to grant certain domains the ability to # access all ttys. attribute ttyfile; # The ptyfile attribute identifies all types assigned to ptys. # It is used in TE rules to grant certain domains the ability to # access all ptys. attribute ptyfile; # The pidfile attribute identifies all types assigned to pid files. # It is used in TE rules to grant certain domains the ability to # access all such files. attribute pidfile; ############################ # Attributes for network types: # # The socket_type attribute identifies all types assigned to # kernel-created sockets. Ordinary sockets are assigned the # domain of the creating process. # XXX This attribute is unused. Remove? attribute socket_type; # Identifies all types assigned to port numbers to control binding. attribute port_type; # Identifies all types assigned to reserved port (<1024) numbers to control binding. attribute reserved_port_type; # Identifies all types assigned to network interfaces to control # operations on the interface (XXX obsolete, not supported via LSM) # and to control traffic sent or received on the interface. attribute netif_type; # Identifies all default types assigned to packets received # on network interfaces. attribute netmsg_type; # Identifies all types assigned to network nodes/hosts to control # traffic sent to or received from the node. attribute node_type; # Identifier for log files or directories that only exist for log files. attribute logfile; # Identifier for lock files (/var/lock/*) or directories that only exist for # lock files. attribute lockfile; ############################## # Attributes for security policy types: # # The login_contexts attribute idenitifies the files used # to define default contexts for login types (e.g., login, cron). attribute login_contexts; # Identifier for a domain used by "sendmail -t" (IE user_mail_t, # sysadm_mail_t, etc) attribute user_mail_domain; # Identifies domains that can transition to system_mail_t attribute privmail; # Type for non-sysadm home directory attribute user_home_type; # For domains that are part of a mail server and need to read user files and # fifos, and inherit file handles to enable user email to get to the mail # spool attribute mta_user_agent; # For domains that are part of a mail server for delivering messages to the # user attribute mta_delivery_agent; # For domains that make outbound TCP port 25 connections to send mail from the # mail server. attribute mail_server_sender; # For a mail server process that takes TCP connections on port 25 attribute mail_server_domain; # For web clients such as netscape and squid attribute web_client_domain; # For X Window System server domains attribute xserver; # For X Window System client domains attribute xclient; # For X Window System protocol extensions attribute xextension; # For X Window System property types attribute xproperty; # # For file systems that do not have extended attributes but need to be # r/w by users # attribute noexattrfile; # # For filetypes that the usercan read # attribute usercanread; # # For serial devices # attribute serial_device; # Attribute to designate unrestricted access attribute unrestricted; # For clients of nscd. attribute nscd_client_domain; # For clients of nscd that can use shmem interface. attribute nscd_shmem_domain; # For labeling of content for httpd. This attribute is only used by # the httpd_unified domain, which says treat all httpdcontent the # same. If you want content to be served in a "non-unified" system # you must specifically add "r_dir_file(httpd_t, your_content_t)" to # your policy. attribute httpdcontent; # For labeling of domains whos transition can be disabled attribute transitionbool; # For labeling of file_context domains which users can change files to rather # then the default file context. These file_context can survive a relabeling # of the file system. attribute customizable;