Layer: kernel

Module: kernel

Description:

Policy for kernel threads, proc filesystem, and unlabeled processes and objects.

Interfaces:

kernel_change_ring_buffer_level( domain )
Summary

Change the level of kernel messages logged to the console.

Parameters
Parameter:Description:Optional:
domain The type of the process performing this action. No
kernel_clear_ring_buffer( domain )
Description

Allows the caller to clear the ring buffer.

Parameters
Parameter:Description:Optional:
domain The process type clearing the buffer. No
kernel_dontaudit_getattr_core( domain )
Description

Do not audit attempts to get the attributes of core kernel interfaces.

Parameters
Parameter:Description:Optional:
domain The process type to not audit. No
kernel_dontaudit_getattr_message_if( domain )
Description

Do not audit attempts by caller to get the attributes of kernel message interfaces.

Parameters
Parameter:Description:Optional:
domain The process type not to audit. No
kernel_dontaudit_getattr_unlabeled_blk_dev( domain )
Description

Do not audit attempts by caller to get attributes for unlabeled block devices.

Parameters
Parameter:Description:Optional:
domain The process type not to audit. No
kernel_dontaudit_read_ring_buffer( domain )
Description

Do not audit attempts to read the ring buffer.

Parameters
Parameter:Description:Optional:
domain The domain to not audit. No
kernel_dontaudit_read_system_state( domain )
Description

Do not audit attempts by caller to read system state information.

Parameters
Parameter:Description:Optional:
domain The process type not to audit. No
kernel_dontaudit_search_network_sysctl_dir( domain )
Description

Do not audit attempts by caller to search sysctl network directories.

Parameters
Parameter:Description:Optional:
domain The process type not to audit. No
kernel_dontaudit_search_sysctl_dir( domain )
Description

Do not audit attempts by caller to search the sysctl directory.

Parameters
Parameter:Description:Optional:
domain The process type not to audit. No
kernel_dontaudit_use_fd( domain )
Description

Do not audit attempts to use kernel file descriptors.

Parameters
Parameter:Description:Optional:
domain The type of process not to audit. No
kernel_get_sysvipc_info( domain )
Description

Get information on all System V IPC objects.

Parameters
Parameter:Description:Optional:
domain No
kernel_getattr_core( domain )
Description

Allows caller to get attribues of core kernel interface.

Parameters
Parameter:Description:Optional:
domain The process type getting the attibutes. No
kernel_getattr_message_if( domain )
Description

Allow caller to get the attributes of kernel message interface (/proc/kmsg).

Parameters
Parameter:Description:Optional:
domain The process type getting the attributes. No
kernel_kill_unlabeled( domain )
Description

Send a kill signal to unlabeled processes.

Parameters
Parameter:Description:Optional:
domain The type of the process performing this action. No
kernel_load_module( domain )
Description

Allows caller to load kernel modules

Parameters
Parameter:Description:Optional:
domain The process type to allow to load kernel modules. No
kernel_read_all_sysctl( domain )
Description

Allow caller to read all sysctls.

Parameters
Parameter:Description:Optional:
domain The type of the process performing this action. No
kernel_read_device_sysctl( domain )
Description

Allow caller to read the device sysctls.

Parameters
Parameter:Description:Optional:
domain The process type to allow to read the device sysctls. No
kernel_read_fs_sysctl( domain )
Description

Read filesystem sysctls.

Parameters
Parameter:Description:Optional:
domain The type of the process performing this action. No
kernel_read_hotplug_sysctl( domain )
Description

Read the hotplug sysctl.

Parameters
Parameter:Description:Optional:
domain The type of the process performing this action. No
kernel_read_irq_sysctl( domain )
Description

Read IRQ sysctls.

Parameters
Parameter:Description:Optional:
domain The type of the process performing this action. No
kernel_read_kernel_sysctl( domain )
Description

Read generic kernel sysctls.

Parameters
Parameter:Description:Optional:
domain The type of the process performing this action. No
kernel_read_messages( domain )
Description

Allow caller to read kernel messages using the /proc/kmsg interface.

Parameters
Parameter:Description:Optional:
domain The process type reading the messages. No
kernel_read_modprobe_sysctl( domain )
Description

Read the modprobe sysctl.

Parameters
Parameter:Description:Optional:
domain The type of the process performing this action. No
kernel_read_net_sysctl( domain )
Description

Allow caller to read network sysctls.

Parameters
Parameter:Description:Optional:
domain The type of the process performing this action. No
kernel_read_network_state( domain )
Description

Allow caller to read the network state information.

Parameters
Parameter:Description:Optional:
domain The process type reading the state. No
kernel_read_ring_buffer( domain )
Description

Allows caller to read the ring buffer.

Parameters
Parameter:Description:Optional:
domain The process type allowed to read the ring buffer. No
kernel_read_rpc_sysctl( ? )
Summary

Summary is missing!

Parameters
Parameter:Description:Optional:
? Parameter descriptions are missing! No
kernel_read_software_raid_state( domain )
Description

Allow caller to read the state information for software raid.

Parameters
Parameter:Description:Optional:
domain The process type reading software raid state. No
kernel_read_system_state( domain )
Description

Allows caller to read system state information.

Parameters
Parameter:Description:Optional:
domain The process type reading the system state information. No
kernel_read_unix_sysctl( domain )
Description

Allow caller to read unix domain socket sysctls.

Parameters
Parameter:Description:Optional:
domain The type of the process performing this action. No
kernel_read_vm_sysctl( domain )
Description

Allow caller to read virtual memory sysctls.

Parameters
Parameter:Description:Optional:
domain The type of the process performing this action. No
kernel_relabel_unlabeled( domain )
Description

Allow caller to relabel unlabeled objects.

Parameters
Parameter:Description:Optional:
domain The process type relabeling the objects. No
kernel_rootfs_mountpoint( directory_type )
Description

Allows the kernel to mount filesystems on the specified directory type.

Parameters
Parameter:Description:Optional:
directory_type The type of the directory to use as a mountpoint. No
kernel_rw_all_sysctl( domain )
Description

Read and write all sysctls.

Parameters
Parameter:Description:Optional:
domain The type of the process performing this action. No
kernel_rw_device_sysctl( domain )
Description

Read and write device sysctls.

Parameters
Parameter:Description:Optional:
domain The type of the process performing this action. No
kernel_rw_fs_sysctl( domain )
Description

Read and write fileystem sysctls.

Parameters
Parameter:Description:Optional:
domain The type of the process performing this action. No
kernel_rw_hotplug_sysctl( domain )
Description

Read and write the hotplug sysctl.

Parameters
Parameter:Description:Optional:
domain The type of the process performing this action. No
kernel_rw_irq_sysctl( domain )
Description

Read and write IRQ sysctls.

Parameters
Parameter:Description:Optional:
domain The type of the process performing this action. No
kernel_rw_kernel_sysctl( domain )
Description

Read and write generic kernel sysctls.

Parameters
Parameter:Description:Optional:
domain The type of the process performing this action. No
kernel_rw_modprobe_sysctl( domain )
Description

Read and write the modprobe sysctl.

Parameters
Parameter:Description:Optional:
domain The type of the process performing this action. No
kernel_rw_net_sysctl( domain )
Description

Allow caller to modiry contents of sysctl network files.

Parameters
Parameter:Description:Optional:
domain The type of the process performing this action. No
kernel_rw_rpc_sysctl( ? )
Summary

Summary is missing!

Parameters
Parameter:Description:Optional:
? Parameter descriptions are missing! No
kernel_rw_unix_sysctl( domain )
Description

Read and write unix domain socket sysctls.

Parameters
Parameter:Description:Optional:
domain The type of the process performing this action. No
kernel_rw_vm_sysctl( domain )
Description

Read and write virtual memory sysctls.

Parameters
Parameter:Description:Optional:
domain The type of the process performing this action. No
kernel_share_state( domain )
Description

Allows the kernel to share state information with the caller.

Parameters
Parameter:Description:Optional:
domain The type of the process with which to share state information. No
kernel_sigchld( domain )
Description

Send a SIGCHLD signal to kernel threads.

Parameters
Parameter:Description:Optional:
domain The type of the process sending the signal. No
kernel_sigchld_unlabeled( domain )
Description

Send a child terminated signal to unlabeled processes.

Parameters
Parameter:Description:Optional:
domain The type of the process performing this action. No
kernel_signal_unlabeled( domain )
Description

Send general signals to unlabeled processes.

Parameters
Parameter:Description:Optional:
domain The type of the process performing this action. No
kernel_signull_unlabeled( domain )
Description

Send a null signal to unlabeled processes.

Parameters
Parameter:Description:Optional:
domain The type of the process performing this action. No
kernel_sigstop_unlabeled( domain )
Description

Send a stop signal to unlabeled processes.

Parameters
Parameter:Description:Optional:
domain The type of the process performing this action. No
kernel_use_fd( domain )
Description

Permits caller to use kernel file descriptors.

Parameters
Parameter:Description:Optional:
domain The type of the process using the descriptors. No
kernel_userland_entry( domain , entrypoint )
Description

Allows to start userland processes by transitioning to the specified domain.

Parameters
Parameter:Description:Optional:
domain The process type entered by kernel. No
entrypoint The executable type for the entrypoint. No
Return