<html> <head> <title> Security Enhanced Linux Reference Policy </title> <style type="text/css" media="all">@import "style.css";</style> </head> <body> <div id="Header">Security Enhanced Linux Reference Policy</div> <div id='Menu'> <a href="admin.html">+ admin</a></br/> <div id='subitem'> </div> <a href="apps.html">+ apps</a></br/> <div id='subitem'> </div> <a href="kernel.html">+ kernel</a></br/> <div id='subitem'> - <a href='kernel_bootloader.html'> bootloader</a><br/> - <a href='kernel_corenetwork.html'> corenetwork</a><br/> - <a href='kernel_devices.html'> devices</a><br/> - <a href='kernel_filesystem.html'> filesystem</a><br/> - <a href='kernel_kernel.html'> kernel</a><br/> - <a href='kernel_selinux.html'> selinux</a><br/> - <a href='kernel_storage.html'> storage</a><br/> - <a href='kernel_terminal.html'> terminal</a><br/> </div> <a href="services.html">+ services</a></br/> <div id='subitem'> </div> <a href="system.html">+ system</a></br/> <div id='subitem'> </div> <br/><p/> <a href="global_booleans.html">* Global Booleans </a> <br/><p/> <a href="global_tunables.html">* Global Tunables </a> <p/><br/><p/> <a href="index.html">* Layer Index</a> <br/><p/> <a href="interfaces.html">* Interface Index</a> <br/><p/> <a href="templates.html">* Template Index</a> </div> <div id="Content"> <a name="top":></a> <h1>Layer: kernel</h1><p/> <h2>Module: kernel</h2><p/> <h3>Description:</h3> <p><p> Policy for kernel threads, proc filesystem,and unlabeled processes and objects. </p></p> <p>This module is required to be included in all policies.</p> <a name="interfaces"></a> <h3>Interfaces: </h3> <a name="link_kernel_change_ring_buffer_level"></a> <div id="interface"> <div id="codeblock"> <b>kernel_change_ring_buffer_level</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Change the level of kernel messages logged to the console. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="80%"> <tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr> <tr><td> domain </td><td> The type of the process performing this action. </td><td> No </td></tr> </table> </div> </div> <a name="link_kernel_clear_ring_buffer"></a> <div id="interface"> <div id="codeblock"> <b>kernel_clear_ring_buffer</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Allows the caller to clear the ring buffer. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="80%"> <tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr> <tr><td> domain </td><td> The process type clearing the buffer. </td><td> No </td></tr> </table> </div> </div> <a name="link_kernel_dontaudit_getattr_core"></a> <div id="interface"> <div id="codeblock"> <b>kernel_dontaudit_getattr_core</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Do not audit attempts to get the attributes of core kernel interfaces. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="80%"> <tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr> <tr><td> domain </td><td> The process type to not audit. </td><td> No </td></tr> </table> </div> </div> <a name="link_kernel_dontaudit_getattr_message_if"></a> <div id="interface"> <div id="codeblock"> <b>kernel_dontaudit_getattr_message_if</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Do not audit attempts by caller to get the attributes of kernel message interfaces. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="80%"> <tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr> <tr><td> domain </td><td> The process type not to audit. </td><td> No </td></tr> </table> </div> </div> <a name="link_kernel_dontaudit_getattr_unlabeled_blk_dev"></a> <div id="interface"> <div id="codeblock"> <b>kernel_dontaudit_getattr_unlabeled_blk_dev</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Do not audit attempts by caller to get attributes for unlabeled block devices. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="80%"> <tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr> <tr><td> domain </td><td> The process type not to audit. </td><td> No </td></tr> </table> </div> </div> <a name="link_kernel_dontaudit_read_ring_buffer"></a> <div id="interface"> <div id="codeblock"> <b>kernel_dontaudit_read_ring_buffer</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Do not audit attempts to read the ring buffer. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="80%"> <tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr> <tr><td> domain </td><td> The domain to not audit. </td><td> No </td></tr> </table> </div> </div> <a name="link_kernel_dontaudit_read_system_state"></a> <div id="interface"> <div id="codeblock"> <b>kernel_dontaudit_read_system_state</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Do not audit attempts by caller to read system state information in proc. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="80%"> <tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr> <tr><td> domain </td><td> The process type not to audit. </td><td> No </td></tr> </table> </div> </div> <a name="link_kernel_dontaudit_search_network_sysctl_dir"></a> <div id="interface"> <div id="codeblock"> <b>kernel_dontaudit_search_network_sysctl_dir</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Do not audit attempts by caller to search sysctl network directories. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="80%"> <tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr> <tr><td> domain </td><td> The process type not to audit. </td><td> No </td></tr> </table> </div> </div> <a name="link_kernel_dontaudit_search_sysctl_dir"></a> <div id="interface"> <div id="codeblock"> <b>kernel_dontaudit_search_sysctl_dir</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Do not audit attempts by caller to search the sysctl directory. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="80%"> <tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr> <tr><td> domain </td><td> The process type not to audit. </td><td> No </td></tr> </table> </div> </div> <a name="link_kernel_dontaudit_use_fd"></a> <div id="interface"> <div id="codeblock"> <b>kernel_dontaudit_use_fd</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Do not audit attempts to use kernel file descriptors. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="80%"> <tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr> <tr><td> domain </td><td> The type of process not to audit. </td><td> No </td></tr> </table> </div> </div> <a name="link_kernel_dontaudit_write_kernel_sysctl"></a> <div id="interface"> <div id="codeblock"> <b>kernel_dontaudit_write_kernel_sysctl</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Do not audit attempts to write generic kernel sysctls. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="80%"> <tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr> <tr><td> domain </td><td> Domain to not audit. </td><td> No </td></tr> </table> </div> </div> <a name="link_kernel_get_sysvipc_info"></a> <div id="interface"> <div id="codeblock"> <b>kernel_get_sysvipc_info</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Get information on all System V IPC objects. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="80%"> <tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr> <tr><td> domain </td><td> </td><td> No </td></tr> </table> </div> </div> <a name="link_kernel_getattr_core"></a> <div id="interface"> <div id="codeblock"> <b>kernel_getattr_core</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Allows caller to get attribues of core kernel interface. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="80%"> <tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr> <tr><td> domain </td><td> The process type getting the attibutes. </td><td> No </td></tr> </table> </div> </div> <a name="link_kernel_getattr_message_if"></a> <div id="interface"> <div id="codeblock"> <b>kernel_getattr_message_if</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Allow caller to get the attributes of kernel message interface (/proc/kmsg). </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="80%"> <tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr> <tr><td> domain </td><td> The process type getting the attributes. </td><td> No </td></tr> </table> </div> </div> <a name="link_kernel_getattr_proc"></a> <div id="interface"> <div id="codeblock"> <b>kernel_getattr_proc</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Get the attributes of the proc filesystem. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="80%"> <tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr> <tr><td> domain </td><td> Domain allowed access. </td><td> No </td></tr> </table> </div> </div> <a name="link_kernel_kill_unlabeled"></a> <div id="interface"> <div id="codeblock"> <b>kernel_kill_unlabeled</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Send a kill signal to unlabeled processes. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="80%"> <tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr> <tr><td> domain </td><td> The type of the process performing this action. </td><td> No </td></tr> </table> </div> </div> <a name="link_kernel_list_proc"></a> <div id="interface"> <div id="codeblock"> <b>kernel_list_proc</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> List the contents of directories in /proc. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="80%"> <tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr> <tr><td> domain </td><td> Domain allowed access. </td><td> No </td></tr> </table> </div> </div> <a name="link_kernel_list_unlabeled"></a> <div id="interface"> <div id="codeblock"> <b>kernel_list_unlabeled</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> List unlabeled directories. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="80%"> <tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr> <tr><td> domain </td><td> Domain allowed access. </td><td> No </td></tr> </table> </div> </div> <a name="link_kernel_load_module"></a> <div id="interface"> <div id="codeblock"> <b>kernel_load_module</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Allows caller to load kernel modules </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="80%"> <tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr> <tr><td> domain </td><td> The process type to allow to load kernel modules. </td><td> No </td></tr> </table> </div> </div> <a name="link_kernel_read_all_sysctl"></a> <div id="interface"> <div id="codeblock"> <b>kernel_read_all_sysctl</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Allow caller to read all sysctls. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="80%"> <tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr> <tr><td> domain </td><td> The type of the process performing this action. </td><td> No </td></tr> </table> </div> </div> <a name="link_kernel_read_device_sysctl"></a> <div id="interface"> <div id="codeblock"> <b>kernel_read_device_sysctl</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Allow caller to read the device sysctls. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="80%"> <tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr> <tr><td> domain </td><td> The process type to allow to read the device sysctls. </td><td> No </td></tr> </table> </div> </div> <a name="link_kernel_read_fs_sysctl"></a> <div id="interface"> <div id="codeblock"> <b>kernel_read_fs_sysctl</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Read filesystem sysctls. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="80%"> <tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr> <tr><td> domain </td><td> The type of the process performing this action. </td><td> No </td></tr> </table> </div> </div> <a name="link_kernel_read_hotplug_sysctl"></a> <div id="interface"> <div id="codeblock"> <b>kernel_read_hotplug_sysctl</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Read the hotplug sysctl. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="80%"> <tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr> <tr><td> domain </td><td> The type of the process performing this action. </td><td> No </td></tr> </table> </div> </div> <a name="link_kernel_read_irq_sysctl"></a> <div id="interface"> <div id="codeblock"> <b>kernel_read_irq_sysctl</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Read IRQ sysctls. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="80%"> <tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr> <tr><td> domain </td><td> The type of the process performing this action. </td><td> No </td></tr> </table> </div> </div> <a name="link_kernel_read_kernel_sysctl"></a> <div id="interface"> <div id="codeblock"> <b>kernel_read_kernel_sysctl</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Read generic kernel sysctls. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="80%"> <tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr> <tr><td> domain </td><td> The type of the process performing this action. </td><td> No </td></tr> </table> </div> </div> <a name="link_kernel_read_messages"></a> <div id="interface"> <div id="codeblock"> <b>kernel_read_messages</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Allow caller to read kernel messages using the /proc/kmsg interface. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="80%"> <tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr> <tr><td> domain </td><td> The process type reading the messages. </td><td> No </td></tr> </table> </div> </div> <a name="link_kernel_read_modprobe_sysctl"></a> <div id="interface"> <div id="codeblock"> <b>kernel_read_modprobe_sysctl</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Read the modprobe sysctl. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="80%"> <tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr> <tr><td> domain </td><td> The type of the process performing this action. </td><td> No </td></tr> </table> </div> </div> <a name="link_kernel_read_net_sysctl"></a> <div id="interface"> <div id="codeblock"> <b>kernel_read_net_sysctl</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Allow caller to read network sysctls. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="80%"> <tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr> <tr><td> domain </td><td> The type of the process performing this action. </td><td> No </td></tr> </table> </div> </div> <a name="link_kernel_read_network_state"></a> <div id="interface"> <div id="codeblock"> <b>kernel_read_network_state</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Allow caller to read the network state information. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="80%"> <tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr> <tr><td> domain </td><td> The process type reading the state. </td><td> No </td></tr> </table> </div> </div> <a name="link_kernel_read_proc_symlinks"></a> <div id="interface"> <div id="codeblock"> <b>kernel_read_proc_symlinks</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Read symbolic links in /proc. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="80%"> <tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr> <tr><td> domain </td><td> Domain allowed access. </td><td> No </td></tr> </table> </div> </div> <a name="link_kernel_read_ring_buffer"></a> <div id="interface"> <div id="codeblock"> <b>kernel_read_ring_buffer</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Allows caller to read the ring buffer. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="80%"> <tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr> <tr><td> domain </td><td> The process type allowed to read the ring buffer. </td><td> No </td></tr> </table> </div> </div> <a name="link_kernel_read_rpc_sysctl"></a> <div id="interface"> <div id="codeblock"> <b>kernel_read_rpc_sysctl</b>( ? )<br> </div> <div id="description"> <h5>Summary</h5> <p> Summary is missing! </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="80%"> <tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr> <tr><td> ? </td><td> Parameter descriptions are missing! </td><td> No </td></tr> </table> </div> </div> <a name="link_kernel_read_software_raid_state"></a> <div id="interface"> <div id="codeblock"> <b>kernel_read_software_raid_state</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Allow caller to read the state information for software raid. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="80%"> <tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr> <tr><td> domain </td><td> The process type reading software raid state. </td><td> No </td></tr> </table> </div> </div> <a name="link_kernel_read_system_state"></a> <div id="interface"> <div id="codeblock"> <b>kernel_read_system_state</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Allows caller to read system state information in proc. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="80%"> <tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr> <tr><td> domain </td><td> The process type reading the system state information. </td><td> No </td></tr> </table> </div> </div> <a name="link_kernel_read_unix_sysctl"></a> <div id="interface"> <div id="codeblock"> <b>kernel_read_unix_sysctl</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Allow caller to read unix domain socket sysctls. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="80%"> <tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr> <tr><td> domain </td><td> The type of the process performing this action. </td><td> No </td></tr> </table> </div> </div> <a name="link_kernel_read_vm_sysctl"></a> <div id="interface"> <div id="codeblock"> <b>kernel_read_vm_sysctl</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Allow caller to read virtual memory sysctls. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="80%"> <tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr> <tr><td> domain </td><td> The type of the process performing this action. </td><td> No </td></tr> </table> </div> </div> <a name="link_kernel_relabel_unlabeled"></a> <div id="interface"> <div id="codeblock"> <b>kernel_relabel_unlabeled</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Allow caller to relabel unlabeled objects. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="80%"> <tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr> <tr><td> domain </td><td> The process type relabeling the objects. </td><td> No </td></tr> </table> </div> </div> <a name="link_kernel_rootfs_mountpoint"></a> <div id="interface"> <div id="codeblock"> <b>kernel_rootfs_mountpoint</b>( directory_type )<br> </div> <div id="description"> <h5>Summary</h5> <p> Allows the kernel to mount filesystems on the specified directory type. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="80%"> <tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr> <tr><td> directory_type </td><td> The type of the directory to use as a mountpoint. </td><td> No </td></tr> </table> </div> </div> <a name="link_kernel_rw_all_sysctl"></a> <div id="interface"> <div id="codeblock"> <b>kernel_rw_all_sysctl</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Read and write all sysctls. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="80%"> <tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr> <tr><td> domain </td><td> The type of the process performing this action. </td><td> No </td></tr> </table> </div> </div> <a name="link_kernel_rw_device_sysctl"></a> <div id="interface"> <div id="codeblock"> <b>kernel_rw_device_sysctl</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Read and write device sysctls. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="80%"> <tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr> <tr><td> domain </td><td> The type of the process performing this action. </td><td> No </td></tr> </table> </div> </div> <a name="link_kernel_rw_fs_sysctl"></a> <div id="interface"> <div id="codeblock"> <b>kernel_rw_fs_sysctl</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Read and write fileystem sysctls. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="80%"> <tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr> <tr><td> domain </td><td> The type of the process performing this action. </td><td> No </td></tr> </table> </div> </div> <a name="link_kernel_rw_hotplug_sysctl"></a> <div id="interface"> <div id="codeblock"> <b>kernel_rw_hotplug_sysctl</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Read and write the hotplug sysctl. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="80%"> <tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr> <tr><td> domain </td><td> The type of the process performing this action. </td><td> No </td></tr> </table> </div> </div> <a name="link_kernel_rw_irq_sysctl"></a> <div id="interface"> <div id="codeblock"> <b>kernel_rw_irq_sysctl</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Read and write IRQ sysctls. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="80%"> <tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr> <tr><td> domain </td><td> The type of the process performing this action. </td><td> No </td></tr> </table> </div> </div> <a name="link_kernel_rw_kernel_sysctl"></a> <div id="interface"> <div id="codeblock"> <b>kernel_rw_kernel_sysctl</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Read and write generic kernel sysctls. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="80%"> <tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr> <tr><td> domain </td><td> The type of the process performing this action. </td><td> No </td></tr> </table> </div> </div> <a name="link_kernel_rw_modprobe_sysctl"></a> <div id="interface"> <div id="codeblock"> <b>kernel_rw_modprobe_sysctl</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Read and write the modprobe sysctl. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="80%"> <tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr> <tr><td> domain </td><td> The type of the process performing this action. </td><td> No </td></tr> </table> </div> </div> <a name="link_kernel_rw_net_sysctl"></a> <div id="interface"> <div id="codeblock"> <b>kernel_rw_net_sysctl</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Allow caller to modiry contents of sysctl network files. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="80%"> <tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr> <tr><td> domain </td><td> The type of the process performing this action. </td><td> No </td></tr> </table> </div> </div> <a name="link_kernel_rw_pipe"></a> <div id="interface"> <div id="codeblock"> <b>kernel_rw_pipe</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Read and write kernel unnamed pipes. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="80%"> <tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr> <tr><td> domain </td><td> Domain allowed access. </td><td> No </td></tr> </table> </div> </div> <a name="link_kernel_rw_rpc_sysctl"></a> <div id="interface"> <div id="codeblock"> <b>kernel_rw_rpc_sysctl</b>( ? )<br> </div> <div id="description"> <h5>Summary</h5> <p> Summary is missing! </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="80%"> <tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr> <tr><td> ? </td><td> Parameter descriptions are missing! </td><td> No </td></tr> </table> </div> </div> <a name="link_kernel_rw_software_raid_state"></a> <div id="interface"> <div id="codeblock"> <b>kernel_rw_software_raid_state</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Allow caller to read and set the state information for software raid. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="80%"> <tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr> <tr><td> domain </td><td> The process type reading software raid state. </td><td> No </td></tr> </table> </div> </div> <a name="link_kernel_rw_unix_dgram_socket"></a> <div id="interface"> <div id="codeblock"> <b>kernel_rw_unix_dgram_socket</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Read and write kernel unix datagram sockets. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="80%"> <tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr> <tr><td> domain </td><td> Domain allowed access. </td><td> No </td></tr> </table> </div> </div> <a name="link_kernel_rw_unix_sysctl"></a> <div id="interface"> <div id="codeblock"> <b>kernel_rw_unix_sysctl</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Read and write unix domain socket sysctls. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="80%"> <tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr> <tr><td> domain </td><td> The type of the process performing this action. </td><td> No </td></tr> </table> </div> </div> <a name="link_kernel_rw_unlabeled_dir"></a> <div id="interface"> <div id="codeblock"> <b>kernel_rw_unlabeled_dir</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Read and write unlabeled directories. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="80%"> <tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr> <tr><td> domain </td><td> Domain allowed access. </td><td> No </td></tr> </table> </div> </div> <a name="link_kernel_rw_vm_sysctl"></a> <div id="interface"> <div id="codeblock"> <b>kernel_rw_vm_sysctl</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Read and write virtual memory sysctls. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="80%"> <tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr> <tr><td> domain </td><td> The type of the process performing this action. </td><td> No </td></tr> </table> </div> </div> <a name="link_kernel_search_proc"></a> <div id="interface"> <div id="codeblock"> <b>kernel_search_proc</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Search directories in /proc. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="80%"> <tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr> <tr><td> domain </td><td> Domain allowed access. </td><td> No </td></tr> </table> </div> </div> <a name="link_kernel_sendto_unix_dgram_socket"></a> <div id="interface"> <div id="codeblock"> <b>kernel_sendto_unix_dgram_socket</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Send messages to kernel unix datagram sockets. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="80%"> <tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr> <tr><td> domain </td><td> Domain allowed access. </td><td> No </td></tr> </table> </div> </div> <a name="link_kernel_share_state"></a> <div id="interface"> <div id="codeblock"> <b>kernel_share_state</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Allows the kernel to share state information with the caller. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="80%"> <tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr> <tr><td> domain </td><td> The type of the process with which to share state information. </td><td> No </td></tr> </table> </div> </div> <a name="link_kernel_sigchld"></a> <div id="interface"> <div id="codeblock"> <b>kernel_sigchld</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Send a SIGCHLD signal to kernel threads. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="80%"> <tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr> <tr><td> domain </td><td> The type of the process sending the signal. </td><td> No </td></tr> </table> </div> </div> <a name="link_kernel_sigchld_unlabeled"></a> <div id="interface"> <div id="codeblock"> <b>kernel_sigchld_unlabeled</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Send a child terminated signal to unlabeled processes. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="80%"> <tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr> <tr><td> domain </td><td> The type of the process performing this action. </td><td> No </td></tr> </table> </div> </div> <a name="link_kernel_signal_unlabeled"></a> <div id="interface"> <div id="codeblock"> <b>kernel_signal_unlabeled</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Send general signals to unlabeled processes. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="80%"> <tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr> <tr><td> domain </td><td> The type of the process performing this action. </td><td> No </td></tr> </table> </div> </div> <a name="link_kernel_signull_unlabeled"></a> <div id="interface"> <div id="codeblock"> <b>kernel_signull_unlabeled</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Send a null signal to unlabeled processes. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="80%"> <tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr> <tr><td> domain </td><td> The type of the process performing this action. </td><td> No </td></tr> </table> </div> </div> <a name="link_kernel_sigstop_unlabeled"></a> <div id="interface"> <div id="codeblock"> <b>kernel_sigstop_unlabeled</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Send a stop signal to unlabeled processes. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="80%"> <tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr> <tr><td> domain </td><td> The type of the process performing this action. </td><td> No </td></tr> </table> </div> </div> <a name="link_kernel_tcp_recvfrom"></a> <div id="interface"> <div id="codeblock"> <b>kernel_tcp_recvfrom</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Receive messages from kernel TCP sockets. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="80%"> <tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr> <tr><td> domain </td><td> Domain allowed access. </td><td> No </td></tr> </table> </div> </div> <a name="link_kernel_udp_recvfrom"></a> <div id="interface"> <div id="codeblock"> <b>kernel_udp_recvfrom</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Receive messages from kernel UDP sockets. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="80%"> <tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr> <tr><td> domain </td><td> Domain allowed access. </td><td> No </td></tr> </table> </div> </div> <a name="link_kernel_unconfined"></a> <div id="interface"> <div id="codeblock"> <b>kernel_unconfined</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Unconfined access to the kernel. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="80%"> <tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr> <tr><td> domain </td><td> Domain allowed access. </td><td> No </td></tr> </table> </div> </div> <a name="link_kernel_use_fd"></a> <div id="interface"> <div id="codeblock"> <b>kernel_use_fd</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Permits caller to use kernel file descriptors. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="80%"> <tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr> <tr><td> domain </td><td> The type of the process using the descriptors. </td><td> No </td></tr> </table> </div> </div> <a name="link_kernel_use_unlabeled_blk_dev"></a> <div id="interface"> <div id="codeblock"> <b>kernel_use_unlabeled_blk_dev</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Read and write unlabeled block device nodes. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="80%"> <tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr> <tr><td> domain </td><td> Domain allowed access. </td><td> No </td></tr> </table> </div> </div> <a name="link_kernel_userland_entry"></a> <div id="interface"> <div id="codeblock"> <b>kernel_userland_entry</b>( domain , entrypoint )<br> </div> <div id="description"> <h5>Summary</h5> <p> Allows to start userland processes by transitioning to the specified domain. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="80%"> <tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr> <tr><td> domain </td><td> The process type entered by kernel. </td><td> No </td></tr> <tr><td> entrypoint </td><td> The executable type for the entrypoint. </td><td> No </td></tr> </table> </div> </div> <a href=#top>Return</a> </div> </body> </html>