1020 lines
		
	
	
		
			15 KiB
		
	
	
	
		
			HTML
		
	
	
	
	
	
			
		
		
	
	
			1020 lines
		
	
	
		
			15 KiB
		
	
	
	
		
			HTML
		
	
	
	
	
	
| <html>
 | |
| <head>
 | |
| <title>
 | |
|  Security Enhanced Linux Reference Policy
 | |
|  </title>
 | |
| <style type="text/css" media="all">@import "style.css";</style>
 | |
| </head>
 | |
| <body>
 | |
| <div id="Header">Security Enhanced Linux Reference Policy</div>
 | |
| <div id='Menu'>
 | |
| 	
 | |
| 		<a href="admin.html">+ 
 | |
| 		admin</a></br/>
 | |
| 		<div id='subitem'>
 | |
| 		
 | |
| 		</div>
 | |
| 	
 | |
| 		<a href="kernel.html">+ 
 | |
| 		kernel</a></br/>
 | |
| 		<div id='subitem'>
 | |
| 		
 | |
| 			   - <a href='kernel_bootloader.html'>
 | |
| 			bootloader</a><br/>
 | |
| 		
 | |
| 			   - <a href='kernel_corenetwork.html'>
 | |
| 			corenetwork</a><br/>
 | |
| 		
 | |
| 			   - <a href='kernel_devices.html'>
 | |
| 			devices</a><br/>
 | |
| 		
 | |
| 			   - <a href='kernel_filesystem.html'>
 | |
| 			filesystem</a><br/>
 | |
| 		
 | |
| 			   - <a href='kernel_kernel.html'>
 | |
| 			kernel</a><br/>
 | |
| 		
 | |
| 			   - <a href='kernel_selinux.html'>
 | |
| 			selinux</a><br/>
 | |
| 		
 | |
| 			   - <a href='kernel_storage.html'>
 | |
| 			storage</a><br/>
 | |
| 		
 | |
| 			   - <a href='kernel_terminal.html'>
 | |
| 			terminal</a><br/>
 | |
| 		
 | |
| 		</div>
 | |
| 	
 | |
| 		<a href="services.html">+ 
 | |
| 		services</a></br/>
 | |
| 		<div id='subitem'>
 | |
| 		
 | |
| 		</div>
 | |
| 	
 | |
| 		<a href="system.html">+ 
 | |
| 		system</a></br/>
 | |
| 		<div id='subitem'>
 | |
| 		
 | |
| 		</div>
 | |
| 	
 | |
| 	<br/><p/>
 | |
| 	<a href="interfaces.html">* Interface Index</a>
 | |
| </div>
 | |
| 
 | |
| <div id="Content">
 | |
| <h1>Layer: kernel</h1><p/>
 | |
| <h2>Module: storage</h2><p/>
 | |
| <h3>Description:</h3>
 | |
| 
 | |
| <p>Policy controlling access to storage devices</p>
 | |
| 
 | |
| <h3>Interfaces: </h3>
 | |
| 
 | |
| <div id="interface">
 | |
| 
 | |
| 
 | |
| <div id="codeblock">
 | |
| 
 | |
| <b>storage_create_fixed_disk</b>(
 | |
| 	
 | |
| 		
 | |
| 		
 | |
| 		
 | |
| 		domain
 | |
| 		
 | |
| 	
 | |
| 	)<br>
 | |
| </div>
 | |
| 
 | |
| <div id="description">
 | |
| <h5>Description:</h5>
 | |
| <p>
 | |
| 	Create block devices in /dev with the fixed disk type.
 | |
| </p><br/>
 | |
| <h5>Parameters:</h5>
 | |
| <div id="description">
 | |
| <table border="1" cellspacing="0" cellpadding="3" width="80%">
 | |
| <tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
 | |
| 
 | |
| <tr><td>
 | |
| domain
 | |
| </td><td>
 | |
| 
 | |
| 	The type of the process performing this action.
 | |
| 
 | |
| </td><td>
 | |
| No
 | |
| </td></tr>
 | |
| 
 | |
| </table>
 | |
| </div>
 | |
| </div>
 | |
| </div>
 | |
| 
 | |
| <div id="interface">
 | |
| 
 | |
| 
 | |
| <div id="codeblock">
 | |
| 
 | |
| <b>storage_dontaudit_getattr_fixed_disk</b>(
 | |
| 	
 | |
| 		
 | |
| 		
 | |
| 		
 | |
| 		domain
 | |
| 		
 | |
| 	
 | |
| 	)<br>
 | |
| </div>
 | |
| 
 | |
| <div id="description">
 | |
| <h5>Description:</h5>
 | |
| <p>
 | |
| 	Do not audit attempts made by the caller to get
 | |
| 	the attributes of fixed disk device nodes.
 | |
| </p><br/>
 | |
| <h5>Parameters:</h5>
 | |
| <div id="description">
 | |
| <table border="1" cellspacing="0" cellpadding="3" width="80%">
 | |
| <tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
 | |
| 
 | |
| <tr><td>
 | |
| domain
 | |
| </td><td>
 | |
| 
 | |
| 	The type of the process to not audit.
 | |
| 
 | |
| </td><td>
 | |
| No
 | |
| </td></tr>
 | |
| 
 | |
| </table>
 | |
| </div>
 | |
| </div>
 | |
| </div>
 | |
| 
 | |
| <div id="interface">
 | |
| 
 | |
| 
 | |
| <div id="codeblock">
 | |
| 
 | |
| <b>storage_dontaudit_getattr_removable_device</b>(
 | |
| 	
 | |
| 		
 | |
| 		
 | |
| 		
 | |
| 		domain
 | |
| 		
 | |
| 	
 | |
| 	)<br>
 | |
| </div>
 | |
| 
 | |
| <div id="description">
 | |
| <h5>Description:</h5>
 | |
| <p>
 | |
| 	Do not audit attempts made by the caller to get
 | |
| 	the attributes of removable devices device nodes.
 | |
| </p><br/>
 | |
| <h5>Parameters:</h5>
 | |
| <div id="description">
 | |
| <table border="1" cellspacing="0" cellpadding="3" width="80%">
 | |
| <tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
 | |
| 
 | |
| <tr><td>
 | |
| domain
 | |
| </td><td>
 | |
| 
 | |
| 	The type of the process to not audit.
 | |
| 
 | |
| </td><td>
 | |
| No
 | |
| </td></tr>
 | |
| 
 | |
| </table>
 | |
| </div>
 | |
| </div>
 | |
| </div>
 | |
| 
 | |
| <div id="interface">
 | |
| 
 | |
| 
 | |
| <div id="codeblock">
 | |
| 
 | |
| <b>storage_getattr_fixed_disk</b>(
 | |
| 	
 | |
| 		
 | |
| 		
 | |
| 		
 | |
| 		domain
 | |
| 		
 | |
| 	
 | |
| 	)<br>
 | |
| </div>
 | |
| 
 | |
| <div id="description">
 | |
| <h5>Description:</h5>
 | |
| <p>
 | |
| 	Allow the caller to get the attributes of fixed disk
 | |
| 	device nodes.
 | |
| </p><br/>
 | |
| <h5>Parameters:</h5>
 | |
| <div id="description">
 | |
| <table border="1" cellspacing="0" cellpadding="3" width="80%">
 | |
| <tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
 | |
| 
 | |
| <tr><td>
 | |
| domain
 | |
| </td><td>
 | |
| 
 | |
| 	The type of the process performing this action.
 | |
| 
 | |
| </td><td>
 | |
| No
 | |
| </td></tr>
 | |
| 
 | |
| </table>
 | |
| </div>
 | |
| </div>
 | |
| </div>
 | |
| 
 | |
| <div id="interface">
 | |
| 
 | |
| 
 | |
| <div id="codeblock">
 | |
| 
 | |
| <b>storage_getattr_removable_device</b>(
 | |
| 	
 | |
| 		
 | |
| 		
 | |
| 		
 | |
| 		domain
 | |
| 		
 | |
| 	
 | |
| 	)<br>
 | |
| </div>
 | |
| 
 | |
| <div id="description">
 | |
| <h5>Description:</h5>
 | |
| <p>
 | |
| 	Allow the caller to get the attributes of removable
 | |
| 	devices device nodes.
 | |
| </p><br/>
 | |
| <h5>Parameters:</h5>
 | |
| <div id="description">
 | |
| <table border="1" cellspacing="0" cellpadding="3" width="80%">
 | |
| <tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
 | |
| 
 | |
| <tr><td>
 | |
| domain
 | |
| </td><td>
 | |
| 
 | |
| 	The type of the process performing this action.
 | |
| 
 | |
| </td><td>
 | |
| No
 | |
| </td></tr>
 | |
| 
 | |
| </table>
 | |
| </div>
 | |
| </div>
 | |
| </div>
 | |
| 
 | |
| <div id="interface">
 | |
| 
 | |
| 
 | |
| <div id="codeblock">
 | |
| 
 | |
| <b>storage_getattr_scsi_generic</b>(
 | |
| 	
 | |
| 		
 | |
| 		
 | |
| 		
 | |
| 		domain
 | |
| 		
 | |
| 	
 | |
| 	)<br>
 | |
| </div>
 | |
| 
 | |
| <div id="description">
 | |
| <h5>Description:</h5>
 | |
| <p>
 | |
| 	Get attributes of the device nodes
 | |
| 	for the SCSI generic inerface.
 | |
| </p><br/>
 | |
| <h5>Parameters:</h5>
 | |
| <div id="description">
 | |
| <table border="1" cellspacing="0" cellpadding="3" width="80%">
 | |
| <tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
 | |
| 
 | |
| <tr><td>
 | |
| domain
 | |
| </td><td>
 | |
| 
 | |
| 	The type of the process performing this action.
 | |
| 
 | |
| </td><td>
 | |
| No
 | |
| </td></tr>
 | |
| 
 | |
| </table>
 | |
| </div>
 | |
| </div>
 | |
| </div>
 | |
| 
 | |
| <div id="interface">
 | |
| 
 | |
| 
 | |
| <div id="codeblock">
 | |
| 
 | |
| <b>storage_getattr_tape_device</b>(
 | |
| 	
 | |
| 		
 | |
| 		
 | |
| 		
 | |
| 		domain
 | |
| 		
 | |
| 	
 | |
| 	)<br>
 | |
| </div>
 | |
| 
 | |
| <div id="description">
 | |
| <h5>Description:</h5>
 | |
| <p>
 | |
| 	Allow the caller to get the attributes
 | |
| 	of device nodes of tape devices.
 | |
| </p><br/>
 | |
| <h5>Parameters:</h5>
 | |
| <div id="description">
 | |
| <table border="1" cellspacing="0" cellpadding="3" width="80%">
 | |
| <tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
 | |
| 
 | |
| <tr><td>
 | |
| domain
 | |
| </td><td>
 | |
| 
 | |
| 	The type of the process performing this action.
 | |
| 
 | |
| </td><td>
 | |
| No
 | |
| </td></tr>
 | |
| 
 | |
| </table>
 | |
| </div>
 | |
| </div>
 | |
| </div>
 | |
| 
 | |
| <div id="interface">
 | |
| 
 | |
| 
 | |
| <div id="codeblock">
 | |
| 
 | |
| <b>storage_manage_fixed_disk</b>(
 | |
| 	
 | |
| 		
 | |
| 		
 | |
| 		
 | |
| 		domain
 | |
| 		
 | |
| 	
 | |
| 	)<br>
 | |
| </div>
 | |
| 
 | |
| <div id="description">
 | |
| <h5>Description:</h5>
 | |
| <p>
 | |
| 	Create, read, write, and delete fixed disk device nodes.
 | |
| </p><br/>
 | |
| <h5>Parameters:</h5>
 | |
| <div id="description">
 | |
| <table border="1" cellspacing="0" cellpadding="3" width="80%">
 | |
| <tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
 | |
| 
 | |
| <tr><td>
 | |
| domain
 | |
| </td><td>
 | |
| 
 | |
| 	The type of the process performing this action.
 | |
| 
 | |
| </td><td>
 | |
| No
 | |
| </td></tr>
 | |
| 
 | |
| </table>
 | |
| </div>
 | |
| </div>
 | |
| </div>
 | |
| 
 | |
| <div id="interface">
 | |
| 
 | |
| 
 | |
| <div id="codeblock">
 | |
| 
 | |
| <b>storage_raw_read_fixed_disk</b>(
 | |
| 	
 | |
| 		
 | |
| 		
 | |
| 		
 | |
| 		domain
 | |
| 		
 | |
| 	
 | |
| 	)<br>
 | |
| </div>
 | |
| 
 | |
| <div id="description">
 | |
| <h5>Description:</h5>
 | |
| <p>
 | |
| 	Allow the caller to directly read from a fixed disk.
 | |
| 	This is extremly dangerous as it can bypass the
 | |
| 	SELinux protections for filesystem objects, and
 | |
| 	should only be used by trusted domains.
 | |
| </p><br/>
 | |
| <h5>Parameters:</h5>
 | |
| <div id="description">
 | |
| <table border="1" cellspacing="0" cellpadding="3" width="80%">
 | |
| <tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
 | |
| 
 | |
| <tr><td>
 | |
| domain
 | |
| </td><td>
 | |
| 
 | |
| 	The type of the process performing this action.
 | |
| 
 | |
| </td><td>
 | |
| No
 | |
| </td></tr>
 | |
| 
 | |
| </table>
 | |
| </div>
 | |
| </div>
 | |
| </div>
 | |
| 
 | |
| <div id="interface">
 | |
| 
 | |
| 
 | |
| <div id="codeblock">
 | |
| 
 | |
| <b>storage_raw_read_lvm_volume</b>(
 | |
| 	
 | |
| 		
 | |
| 		
 | |
| 		
 | |
| 		domain
 | |
| 		
 | |
| 	
 | |
| 	)<br>
 | |
| </div>
 | |
| 
 | |
| <div id="description">
 | |
| <h5>Description:</h5>
 | |
| <p>
 | |
| 	Allow the caller to directly read from a logical volume.
 | |
| 	This is extremly dangerous as it can bypass the
 | |
| 	SELinux protections for filesystem objects, and
 | |
| 	should only be used by trusted domains.
 | |
| </p><br/>
 | |
| <h5>Parameters:</h5>
 | |
| <div id="description">
 | |
| <table border="1" cellspacing="0" cellpadding="3" width="80%">
 | |
| <tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
 | |
| 
 | |
| <tr><td>
 | |
| domain
 | |
| </td><td>
 | |
| 
 | |
| 	The type of the process performing this action.
 | |
| 
 | |
| </td><td>
 | |
| No
 | |
| </td></tr>
 | |
| 
 | |
| </table>
 | |
| </div>
 | |
| </div>
 | |
| </div>
 | |
| 
 | |
| <div id="interface">
 | |
| 
 | |
| 
 | |
| <div id="codeblock">
 | |
| 
 | |
| <b>storage_raw_read_removable_device</b>(
 | |
| 	
 | |
| 		
 | |
| 		
 | |
| 		
 | |
| 		domain
 | |
| 		
 | |
| 	
 | |
| 	)<br>
 | |
| </div>
 | |
| 
 | |
| <div id="description">
 | |
| <h5>Description:</h5>
 | |
| <p>
 | |
| 	Allow the caller to directly read from
 | |
| 	a removable device.
 | |
| 	This is extremly dangerous as it can bypass the
 | |
| 	SELinux protections for filesystem objects, and
 | |
| 	should only be used by trusted domains.
 | |
| </p><br/>
 | |
| <h5>Parameters:</h5>
 | |
| <div id="description">
 | |
| <table border="1" cellspacing="0" cellpadding="3" width="80%">
 | |
| <tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
 | |
| 
 | |
| <tr><td>
 | |
| domain
 | |
| </td><td>
 | |
| 
 | |
| 	The type of the process performing this action.
 | |
| 
 | |
| </td><td>
 | |
| No
 | |
| </td></tr>
 | |
| 
 | |
| </table>
 | |
| </div>
 | |
| </div>
 | |
| </div>
 | |
| 
 | |
| <div id="interface">
 | |
| 
 | |
| 
 | |
| <div id="codeblock">
 | |
| 
 | |
| <b>storage_raw_write_fixed_disk</b>(
 | |
| 	
 | |
| 		
 | |
| 		
 | |
| 		
 | |
| 		domain
 | |
| 		
 | |
| 	
 | |
| 	)<br>
 | |
| </div>
 | |
| 
 | |
| <div id="description">
 | |
| <h5>Description:</h5>
 | |
| <p>
 | |
| 	Allow the caller to directly write to a fixed disk.
 | |
| 	This is extremly dangerous as it can bypass the
 | |
| 	SELinux protections for filesystem objects, and
 | |
| 	should only be used by trusted domains.
 | |
| </p><br/>
 | |
| <h5>Parameters:</h5>
 | |
| <div id="description">
 | |
| <table border="1" cellspacing="0" cellpadding="3" width="80%">
 | |
| <tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
 | |
| 
 | |
| <tr><td>
 | |
| domain
 | |
| </td><td>
 | |
| 
 | |
| 	The type of the process performing this action.
 | |
| 
 | |
| </td><td>
 | |
| No
 | |
| </td></tr>
 | |
| 
 | |
| </table>
 | |
| </div>
 | |
| </div>
 | |
| </div>
 | |
| 
 | |
| <div id="interface">
 | |
| 
 | |
| 
 | |
| <div id="codeblock">
 | |
| 
 | |
| <b>storage_raw_write_lvm_volume</b>(
 | |
| 	
 | |
| 		
 | |
| 		
 | |
| 		
 | |
| 		domain
 | |
| 		
 | |
| 	
 | |
| 	)<br>
 | |
| </div>
 | |
| 
 | |
| <div id="description">
 | |
| <h5>Description:</h5>
 | |
| <p>
 | |
| 	Allow the caller to directly read from a logical volume.
 | |
| 	This is extremly dangerous as it can bypass the
 | |
| 	SELinux protections for filesystem objects, and
 | |
| 	should only be used by trusted domains.
 | |
| </p><br/>
 | |
| <h5>Parameters:</h5>
 | |
| <div id="description">
 | |
| <table border="1" cellspacing="0" cellpadding="3" width="80%">
 | |
| <tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
 | |
| 
 | |
| <tr><td>
 | |
| domain
 | |
| </td><td>
 | |
| 
 | |
| 	The type of the process performing this action.
 | |
| 
 | |
| </td><td>
 | |
| No
 | |
| </td></tr>
 | |
| 
 | |
| </table>
 | |
| </div>
 | |
| </div>
 | |
| </div>
 | |
| 
 | |
| <div id="interface">
 | |
| 
 | |
| 
 | |
| <div id="codeblock">
 | |
| 
 | |
| <b>storage_raw_write_removable_device</b>(
 | |
| 	
 | |
| 		
 | |
| 		
 | |
| 		
 | |
| 		domain
 | |
| 		
 | |
| 	
 | |
| 	)<br>
 | |
| </div>
 | |
| 
 | |
| <div id="description">
 | |
| <h5>Description:</h5>
 | |
| <p>
 | |
| 	Allow the caller to directly write to
 | |
| 	a removable device.
 | |
| 	This is extremly dangerous as it can bypass the
 | |
| 	SELinux protections for filesystem objects, and
 | |
| 	should only be used by trusted domains.
 | |
| </p><br/>
 | |
| <h5>Parameters:</h5>
 | |
| <div id="description">
 | |
| <table border="1" cellspacing="0" cellpadding="3" width="80%">
 | |
| <tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
 | |
| 
 | |
| <tr><td>
 | |
| domain
 | |
| </td><td>
 | |
| 
 | |
| 	The type of the process performing this action.
 | |
| 
 | |
| </td><td>
 | |
| No
 | |
| </td></tr>
 | |
| 
 | |
| </table>
 | |
| </div>
 | |
| </div>
 | |
| </div>
 | |
| 
 | |
| <div id="interface">
 | |
| 
 | |
| 
 | |
| <div id="codeblock">
 | |
| 
 | |
| <b>storage_read_scsi_generic</b>(
 | |
| 	
 | |
| 		
 | |
| 		
 | |
| 		
 | |
| 		domain
 | |
| 		
 | |
| 	
 | |
| 	)<br>
 | |
| </div>
 | |
| 
 | |
| <div id="description">
 | |
| <h5>Description:</h5>
 | |
| <p>
 | |
| 	Allow the caller to directly read, in a
 | |
| 	generic fashion, from any SCSI device.
 | |
| 	This is extremly dangerous as it can bypass the
 | |
| 	SELinux protections for filesystem objects, and
 | |
| 	should only be used by trusted domains.
 | |
| </p><br/>
 | |
| <h5>Parameters:</h5>
 | |
| <div id="description">
 | |
| <table border="1" cellspacing="0" cellpadding="3" width="80%">
 | |
| <tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
 | |
| 
 | |
| <tr><td>
 | |
| domain
 | |
| </td><td>
 | |
| 
 | |
| 	The type of the process performing this action.
 | |
| 
 | |
| </td><td>
 | |
| No
 | |
| </td></tr>
 | |
| 
 | |
| </table>
 | |
| </div>
 | |
| </div>
 | |
| </div>
 | |
| 
 | |
| <div id="interface">
 | |
| 
 | |
| 
 | |
| <div id="codeblock">
 | |
| 
 | |
| <b>storage_read_tape_device</b>(
 | |
| 	
 | |
| 		
 | |
| 		
 | |
| 		
 | |
| 		domain
 | |
| 		
 | |
| 	
 | |
| 	)<br>
 | |
| </div>
 | |
| 
 | |
| <div id="description">
 | |
| <h5>Description:</h5>
 | |
| <p>
 | |
| 	Allow the caller to directly read
 | |
| 	a tape device.
 | |
| </p><br/>
 | |
| <h5>Parameters:</h5>
 | |
| <div id="description">
 | |
| <table border="1" cellspacing="0" cellpadding="3" width="80%">
 | |
| <tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
 | |
| 
 | |
| <tr><td>
 | |
| domain
 | |
| </td><td>
 | |
| 
 | |
| 	The type of the process performing this action.
 | |
| 
 | |
| </td><td>
 | |
| No
 | |
| </td></tr>
 | |
| 
 | |
| </table>
 | |
| </div>
 | |
| </div>
 | |
| </div>
 | |
| 
 | |
| <div id="interface">
 | |
| 
 | |
| 
 | |
| <div id="codeblock">
 | |
| 
 | |
| <b>storage_setattr_fixed_disk</b>(
 | |
| 	
 | |
| 		
 | |
| 		
 | |
| 		
 | |
| 		domain
 | |
| 		
 | |
| 	
 | |
| 	)<br>
 | |
| </div>
 | |
| 
 | |
| <div id="description">
 | |
| <h5>Description:</h5>
 | |
| <p>
 | |
| 	Allow the caller to set the attributes of fixed disk
 | |
| 	device nodes.
 | |
| </p><br/>
 | |
| <h5>Parameters:</h5>
 | |
| <div id="description">
 | |
| <table border="1" cellspacing="0" cellpadding="3" width="80%">
 | |
| <tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
 | |
| 
 | |
| <tr><td>
 | |
| domain
 | |
| </td><td>
 | |
| 
 | |
| 	The type of the process performing this action.
 | |
| 
 | |
| </td><td>
 | |
| No
 | |
| </td></tr>
 | |
| 
 | |
| </table>
 | |
| </div>
 | |
| </div>
 | |
| </div>
 | |
| 
 | |
| <div id="interface">
 | |
| 
 | |
| 
 | |
| <div id="codeblock">
 | |
| 
 | |
| <b>storage_setattr_removable_device</b>(
 | |
| 	
 | |
| 		
 | |
| 		
 | |
| 		
 | |
| 		domain
 | |
| 		
 | |
| 	
 | |
| 	)<br>
 | |
| </div>
 | |
| 
 | |
| <div id="description">
 | |
| <h5>Description:</h5>
 | |
| <p>
 | |
| 	Allow the caller to set the attributes of removable
 | |
| 	devices device nodes.
 | |
| </p><br/>
 | |
| <h5>Parameters:</h5>
 | |
| <div id="description">
 | |
| <table border="1" cellspacing="0" cellpadding="3" width="80%">
 | |
| <tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
 | |
| 
 | |
| <tr><td>
 | |
| domain
 | |
| </td><td>
 | |
| 
 | |
| 	The type of the process performing this action.
 | |
| 
 | |
| </td><td>
 | |
| No
 | |
| </td></tr>
 | |
| 
 | |
| </table>
 | |
| </div>
 | |
| </div>
 | |
| </div>
 | |
| 
 | |
| <div id="interface">
 | |
| 
 | |
| 
 | |
| <div id="codeblock">
 | |
| 
 | |
| <b>storage_setattr_scsi_generic</b>(
 | |
| 	
 | |
| 		
 | |
| 		
 | |
| 		
 | |
| 		domain
 | |
| 		
 | |
| 	
 | |
| 	)<br>
 | |
| </div>
 | |
| 
 | |
| <div id="description">
 | |
| <h5>Description:</h5>
 | |
| <p>
 | |
| 	Set attributes of the device nodes
 | |
| 	for the SCSI generic inerface.
 | |
| </p><br/>
 | |
| <h5>Parameters:</h5>
 | |
| <div id="description">
 | |
| <table border="1" cellspacing="0" cellpadding="3" width="80%">
 | |
| <tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
 | |
| 
 | |
| <tr><td>
 | |
| domain
 | |
| </td><td>
 | |
| 
 | |
| 	The type of the process performing this action.
 | |
| 
 | |
| </td><td>
 | |
| No
 | |
| </td></tr>
 | |
| 
 | |
| </table>
 | |
| </div>
 | |
| </div>
 | |
| </div>
 | |
| 
 | |
| <div id="interface">
 | |
| 
 | |
| 
 | |
| <div id="codeblock">
 | |
| 
 | |
| <b>storage_setattr_tape_device</b>(
 | |
| 	
 | |
| 		
 | |
| 		
 | |
| 		
 | |
| 		domain
 | |
| 		
 | |
| 	
 | |
| 	)<br>
 | |
| </div>
 | |
| 
 | |
| <div id="description">
 | |
| <h5>Description:</h5>
 | |
| <p>
 | |
| 	Allow the caller to set the attributes
 | |
| 	of device nodes of tape devices.
 | |
| </p><br/>
 | |
| <h5>Parameters:</h5>
 | |
| <div id="description">
 | |
| <table border="1" cellspacing="0" cellpadding="3" width="80%">
 | |
| <tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
 | |
| 
 | |
| <tr><td>
 | |
| domain
 | |
| </td><td>
 | |
| 
 | |
| 	The type of the process performing this action.
 | |
| 
 | |
| </td><td>
 | |
| No
 | |
| </td></tr>
 | |
| 
 | |
| </table>
 | |
| </div>
 | |
| </div>
 | |
| </div>
 | |
| 
 | |
| <div id="interface">
 | |
| 
 | |
| 
 | |
| <div id="codeblock">
 | |
| 
 | |
| <b>storage_write_scsi_generic</b>(
 | |
| 	
 | |
| 		
 | |
| 		
 | |
| 		
 | |
| 		domain
 | |
| 		
 | |
| 	
 | |
| 	)<br>
 | |
| </div>
 | |
| 
 | |
| <div id="description">
 | |
| <h5>Description:</h5>
 | |
| <p>
 | |
| 	Allow the caller to directly write, in a
 | |
| 	generic fashion, from any SCSI device.
 | |
| 	This is extremly dangerous as it can bypass the
 | |
| 	SELinux protections for filesystem objects, and
 | |
| 	should only be used by trusted domains.
 | |
| </p><br/>
 | |
| <h5>Parameters:</h5>
 | |
| <div id="description">
 | |
| <table border="1" cellspacing="0" cellpadding="3" width="80%">
 | |
| <tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
 | |
| 
 | |
| <tr><td>
 | |
| domain
 | |
| </td><td>
 | |
| 
 | |
| 	The type of the process performing this action.
 | |
| 
 | |
| </td><td>
 | |
| No
 | |
| </td></tr>
 | |
| 
 | |
| </table>
 | |
| </div>
 | |
| </div>
 | |
| </div>
 | |
| 
 | |
| <div id="interface">
 | |
| 
 | |
| 
 | |
| <div id="codeblock">
 | |
| 
 | |
| <b>storage_write_tape_device</b>(
 | |
| 	
 | |
| 		
 | |
| 		
 | |
| 		
 | |
| 		domain
 | |
| 		
 | |
| 	
 | |
| 	)<br>
 | |
| </div>
 | |
| 
 | |
| <div id="description">
 | |
| <h5>Description:</h5>
 | |
| <p>
 | |
| 	Allow the caller to directly read
 | |
| 	a tape device.
 | |
| </p><br/>
 | |
| <h5>Parameters:</h5>
 | |
| <div id="description">
 | |
| <table border="1" cellspacing="0" cellpadding="3" width="80%">
 | |
| <tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
 | |
| 
 | |
| <tr><td>
 | |
| domain
 | |
| </td><td>
 | |
| 
 | |
| 	The type of the process performing this action.
 | |
| 
 | |
| </td><td>
 | |
| No
 | |
| </td></tr>
 | |
| 
 | |
| </table>
 | |
| </div>
 | |
| </div>
 | |
| </div>
 | |
| 
 | |
| 
 | |
| 
 | |
| </div>
 | |
| </body>
 | |
| </html>
 |