Layer: system

Module: domain

Interfaces Templates

Description:

Core policy for domains.

This module is required to be included in all policies.

Interfaces:

domain_base_domain_type( ? )
Summary

Summary is missing!

Parameters
Parameter:Description:Optional:
? Parameter descriptions are missing! No
domain_dontaudit_getattr_all_sockets( domain )
Summary

Do not audit attempts to get the attributes of all domains sockets, for all socket types.

Description

Do not audit attempts to get the attributes of all domains sockets, for all socket types.

This interface was added for PCMCIA cardmgr and is probably excessive.

Parameters
Parameter:Description:Optional:
domain Domain to not audit. No
domain_dontaudit_getattr_all_tcp_sockets( domain )
Summary

Do not audit attempts to get the attributes of all domains TCP sockets.

Parameters
Parameter:Description:Optional:
domain The type of the process performing this action. No
domain_dontaudit_getattr_all_udp_sockets( domain )
Summary

Do not audit attempts to get the attributes of all domains UDP sockets.

Parameters
Parameter:Description:Optional:
domain The type of the process performing this action. No
domain_dontaudit_getattr_all_unix_dgram_sockets( domain )
Description

Do not audit attempts to get the attributes of all domains unix datagram sockets.

Parameters
Parameter:Description:Optional:
domain The type of the process performing this action. No
domain_dontaudit_getattr_all_unnamed_pipes( domain )
Description

Do not audit attempts to get the attributes of all domains unnamed pipes.

Parameters
Parameter:Description:Optional:
domain The type of the process performing this action. No
domain_dontaudit_getsession_all_domains( domain )
Summary

Do not audit attempts to get the session ID of all domains.

Parameters
Parameter:Description:Optional:
domain The type of the process performing this action. No
domain_dontaudit_list_all_domains_proc( domain )
Description

Do not audit attempts to read the process state directories of all domains.

Parameters
Parameter:Description:Optional:
domain The type of the process performing this action. No
domain_dontaudit_read_all_domains_state( domain )
Summary

Do not audit attempts to read the process state (/proc/pid) of all domains.

Parameters
Parameter:Description:Optional:
domain The type of the process performing this action. No
domain_dontaudit_rw_all_key_sockets( domain )
Summary

Do not audit attempts to read or write all domains key sockets.

Parameters
Parameter:Description:Optional:
domain The type of the process performing this action. No
domain_dontaudit_rw_all_udp_sockets( domain )
Summary

Do not audit attempts to read or write all domains UDP sockets.

Parameters
Parameter:Description:Optional:
domain The type of the process performing this action. No
domain_dontaudit_use_wide_inherit_fd( ? )
Summary

Summary is missing!

Parameters
Parameter:Description:Optional:
? Parameter descriptions are missing! No
domain_dyntrans_type( ? )
Summary

Summary is missing!

Parameters
Parameter:Description:Optional:
? Parameter descriptions are missing! No
domain_entry_file( ? )
Summary

Summary is missing!

Parameters
Parameter:Description:Optional:
? Parameter descriptions are missing! No
domain_exec_all_entry_files( ? )
Summary

Summary is missing!

Parameters
Parameter:Description:Optional:
? Parameter descriptions are missing! No
domain_getattr_all_sockets( domain )
Summary

Get the attributes of all domains sockets, for all socket types.

Description

Get the attributes of all domains sockets, for all socket types.

This is commonly used for domains that can use lsof on all domains.

Parameters
Parameter:Description:Optional:
domain Domain allowed access. No
domain_getsession_all_domains( domain )
Summary

Get the session ID of all domains.

Parameters
Parameter:Description:Optional:
domain The type of the process performing this action. No
domain_kill_all_domains( domain )
Description

Send a kill signal to all domains.

Parameters
Parameter:Description:Optional:
domain The type of the process performing this action. No
domain_obj_id_change_exempt( domain )
Description

Makes caller an exception to the constraint preventing changing the user identity in object contexts.

Parameters
Parameter:Description:Optional:
domain The process type to make an exception to the constraint. No
domain_read_all_domains_state( domain )
Summary

Read the process state (/proc/pid) of all domains.

Parameters
Parameter:Description:Optional:
domain The type of the process performing this action. No
domain_read_all_entry_files( ? )
Summary

Summary is missing!

Parameters
Parameter:Description:Optional:
? Parameter descriptions are missing! No
domain_role_change_exempt( domain )
Description

Makes caller an exception to the constraint preventing changing of role.

Parameters
Parameter:Description:Optional:
domain The process type to make an exception to the constraint. No
domain_setpriority_all_domains( ? )
Summary

Summary is missing!

Parameters
Parameter:Description:Optional:
? Parameter descriptions are missing! No
domain_sigchld_all_domains( domain )
Description

Send a child terminated signal to all domains.

Parameters
Parameter:Description:Optional:
domain The type of the process performing this action. No
domain_sigchld_wide_inherit_fd( domain )
Summary

Send a SIGCHLD signal to domains whose file discriptors are widely inheritable.

Parameters
Parameter:Description:Optional:
domain Domain allowed access. No
domain_signal_all_domains( domain )
Description

Send general signals to all domains.

Parameters
Parameter:Description:Optional:
domain The type of the process performing this action. No
domain_signull_all_domains( domain )
Description

Send a null signal to all domains.

Parameters
Parameter:Description:Optional:
domain The type of the process performing this action. No
domain_sigstop_all_domains( domain )
Description

Send a stop signal to all domains.

Parameters
Parameter:Description:Optional:
domain The type of the process performing this action. No
domain_subj_id_change_exempt( domain )
Description

Makes caller an exception to the constraint preventing changing of user identity.

Parameters
Parameter:Description:Optional:
domain The process type to make an exception to the constraint. No
domain_type( ? )
Summary

Summary is missing!

Parameters
Parameter:Description:Optional:
? Parameter descriptions are missing! No
domain_unconfined( domain )
Summary

Unconfined access to domains.

Parameters
Parameter:Description:Optional:
domain The type of the process performing this action. No
domain_use_wide_inherit_fd( ? )
Summary

Summary is missing!

Parameters
Parameter:Description:Optional:
? Parameter descriptions are missing! No
domain_wide_inherit_fd( ? )
Summary

Summary is missing!

Parameters
Parameter:Description:Optional:
? Parameter descriptions are missing! No
Return

Templates:

domain_auto_trans( ? )
Summary

Summary is missing!

Parameters
Parameter:Description:Optional:
? Parameter descriptions are missing! No
domain_trans( ? )
Summary

Summary is missing!

Parameters
Parameter:Description:Optional:
? Parameter descriptions are missing! No
Return