| <html>
 | |
<head>
  <!-- Page title and the shared stylesheet used by the generated policy documentation. -->
  <title>Security Enhanced Linux Reference Policy</title>
  <link rel="stylesheet" type="text/css" media="all" href="style.css">
</head>
 | |
| <body>
 | |
| <div id="Header">Security Enhanced Linux Reference Policy</div>
 | |
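<!-- Navigation menu: one link per policy layer (the kernel layer is expanded
     to its modules), followed by the global Boolean/tunable pages and the
     layer, interface and template indexes.
     The original markup relied on parser recovery for "</br/>" and "<p/>";
     the line breaks and paragraphs are written out explicitly here.
     NOTE(review): id="subitem" is repeated although ids should be unique per
     document. It is kept because style.css (not shown) may select on it. -->
<div id="Menu">
  <a href="admin.html">+ admin</a><br>
  <div id="subitem"></div>

  <a href="apps.html">+ apps</a><br>
  <div id="subitem"></div>

  <a href="kernel.html">+ kernel</a><br>
  <div id="subitem">
    - <a href="kernel_bootloader.html">bootloader</a><br>
    - <a href="kernel_corenetwork.html">corenetwork</a><br>
    - <a href="kernel_devices.html">devices</a><br>
    - <a href="kernel_filesystem.html">filesystem</a><br>
    - <a href="kernel_kernel.html">kernel</a><br>
    - <a href="kernel_selinux.html">selinux</a><br>
    - <a href="kernel_storage.html">storage</a><br>
    - <a href="kernel_terminal.html">terminal</a><br>
  </div>

  <a href="services.html">+ services</a><br>
  <div id="subitem"></div>

  <a href="system.html">+ system</a><br>
  <div id="subitem"></div>

  <br>
  <p><a href="global_booleans.html">* Global Booleans </a><br></p>
  <p><a href="global_tunables.html">* Global Tunables </a></p>
  <p><br></p>
  <p><a href="index.html">* Layer Index</a><br></p>
  <p><a href="interfaces.html">* Interface Index</a><br></p>
  <p><a href="templates.html">* Template Index</a></p>
</div>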
 | |
| 
 | |
| <div id="Content">
 | |
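<!-- Page heading for the kernel/selinux module: layer and module titles, the
     module description, and the anchor that starts the interface list.
     Fixes the stray ":" inside the "top" anchor tag and the self-closed and
     doubled <p> tags, which only produced empty paragraphs. -->
<!-- Anchor targeted by the "Return" link at the bottom of the page. -->
<a name="top"></a>
<h1>Layer: kernel</h1>
<h2>Module: selinux</h2>

<h3>Description:</h3>
<p>
  Policy for kernel security interface, in particular, selinuxfs.
</p>
<p>This module is required to be included in all policies.</p>

<a name="interfaces"></a>
<h3>Interfaces: </h3>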
 | |
| 
 | |
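<!-- Interface selinux_compute_access_vector: per its summary, lets the given
     domain compute an access vector.
     The header cells were opened with <th> but closed with </td>; they are
     closed with </th> here. -->
<a name="link_selinux_compute_access_vector"></a>
<div id="interface">
  <div id="codeblock">
    <b>selinux_compute_access_vector</b>( domain )<br>
  </div>
  <div id="description">
    <h5>Summary</h5>
    <p>
      Allows caller to compute an access vector.
    </p>

    <h5>Parameters</h5>
    <table border="1" cellspacing="0" cellpadding="3" width="80%">
      <tr><th>Parameter:</th><th>Description:</th><th>Optional:</th></tr>
      <tr>
        <td>domain</td>
        <td>The process type allowed to compute an access vector.</td>
        <td>No</td>
      </tr>
    </table>
  </div>
</div>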
 | |
| 
 | |
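<!-- Interface selinux_compute_create_context.
     NOTE(review): the summary and the parameter description are empty in the
     generated page. Judging by the name, this presumably lets the domain
     compute the context used for a newly created object; confirm against the
     interface definition and document it in the policy source.
     The header cells were opened with <th> but closed with </td>; they are
     closed with </th> here. -->
<a name="link_selinux_compute_create_context"></a>
<div id="interface">
  <div id="codeblock">
    <b>selinux_compute_create_context</b>( domain )<br>
  </div>
  <div id="description">
    <h5>Summary</h5>
    <p>
    </p>

    <h5>Parameters</h5>
    <table border="1" cellspacing="0" cellpadding="3" width="80%">
      <tr><th>Parameter:</th><th>Description:</th><th>Optional:</th></tr>
      <tr>
        <td>domain</td>
        <td></td>
        <td>No</td>
      </tr>
    </table>
  </div>
</div>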
 | |
| 
 | |
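<!-- Interface selinux_compute_relabel_context.
     NOTE(review): the summary is empty and the parameter description was cut
     off after "The process type to". The description below is completed from
     the interface name and the wording of the sibling interfaces; confirm
     against the interface definition.
     The header cells were opened with <th> but closed with </td>; they are
     closed with </th> here. -->
<a name="link_selinux_compute_relabel_context"></a>
<div id="interface">
  <div id="codeblock">
    <b>selinux_compute_relabel_context</b>( domain )<br>
  </div>
  <div id="description">
    <h5>Summary</h5>
    <p>
    </p>

    <h5>Parameters</h5>
    <table border="1" cellspacing="0" cellpadding="3" width="80%">
      <tr><th>Parameter:</th><th>Description:</th><th>Optional:</th></tr>
      <tr>
        <td>domain</td>
        <td>The process type to allow to compute a relabel context.</td>
        <td>No</td>
      </tr>
    </table>
  </div>
</div>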
 | |
| 
 | |
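<!-- Interface selinux_compute_user_contexts: per its summary, lets the given
     domain compute the possible contexts for a user.
     The header cells were opened with <th> but closed with </td>; they are
     closed with </th> here. -->
<a name="link_selinux_compute_user_contexts"></a>
<div id="interface">
  <div id="codeblock">
    <b>selinux_compute_user_contexts</b>( domain )<br>
  </div>
  <div id="description">
    <h5>Summary</h5>
    <p>
      Allows caller to compute possible contexts for a user.
    </p>

    <h5>Parameters</h5>
    <table border="1" cellspacing="0" cellpadding="3" width="80%">
      <tr><th>Parameter:</th><th>Description:</th><th>Optional:</th></tr>
      <tr>
        <td>domain</td>
        <td>The process type allowed to compute user contexts.</td>
        <td>No</td>
      </tr>
    </table>
  </div>
</div>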
 | |
| 
 | |
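<!-- Interface selinux_dontaudit_search_fs: suppresses audit records for the
     given domain's attempts to search selinuxfs.
     NOTE(review): a dontaudit rule hides the denial from the audit log; it
     does not grant the access. Keep this in mind when investigating a domain
     that uses it, since these denials will not appear in the logs.
     The header cells were opened with <th> but closed with </td>; they are
     closed with </th> here. -->
<a name="link_selinux_dontaudit_search_fs"></a>
<div id="interface">
  <div id="codeblock">
    <b>selinux_dontaudit_search_fs</b>( domain )<br>
  </div>
  <div id="description">
    <h5>Summary</h5>
    <p>
      Do not audit attempts to search selinuxfs.
    </p>

    <h5>Parameters</h5>
    <table border="1" cellspacing="0" cellpadding="3" width="80%">
      <tr><th>Parameter:</th><th>Description:</th><th>Optional:</th></tr>
      <tr>
        <td>domain</td>
        <td>Domain to not audit.</td>
        <td>No</td>
      </tr>
    </table>
  </div>
</div>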
 | |
| 
 | |
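<!-- Interface selinux_get_enforce_mode: per its summary, lets the given
     domain read whether the system is in enforcing or permissive mode.
     The header cells were opened with <th> but closed with </td>; they are
     closed with </th> here. -->
<a name="link_selinux_get_enforce_mode"></a>
<div id="interface">
  <div id="codeblock">
    <b>selinux_get_enforce_mode</b>( domain )<br>
  </div>
  <div id="description">
    <h5>Summary</h5>
    <p>
      Allows the caller to get the mode of policy enforcement
      (enforcing or permissive mode).
    </p>

    <h5>Parameters</h5>
    <table border="1" cellspacing="0" cellpadding="3" width="80%">
      <tr><th>Parameter:</th><th>Description:</th><th>Optional:</th></tr>
      <tr>
        <td>domain</td>
        <td>The process type to allow to get the enforcing mode.</td>
        <td>No</td>
      </tr>
    </table>
  </div>
</div>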
 | |
| 
 | |
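<!-- Interface selinux_get_fs_mount: lets the given domain find the mountpoint
     of the selinuxfs filesystem.
     The summary read "Gets the caller the mountpoint ..."; it is reworded to
     match the "Allows the caller to ..." form used by the sibling interfaces.
     The header cells were opened with <th> but closed with </td>; they are
     closed with </th> here. -->
<a name="link_selinux_get_fs_mount"></a>
<div id="interface">
  <div id="codeblock">
    <b>selinux_get_fs_mount</b>( domain )<br>
  </div>
  <div id="description">
    <h5>Summary</h5>
    <p>
      Allows the caller to get the mountpoint of the selinuxfs filesystem.
    </p>

    <h5>Parameters</h5>
    <table border="1" cellspacing="0" cellpadding="3" width="80%">
      <tr><th>Parameter:</th><th>Description:</th><th>Optional:</th></tr>
      <tr>
        <td>domain</td>
        <td>The process type requesting the selinuxfs mountpoint.</td>
        <td>No</td>
      </tr>
    </table>
  </div>
</div>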
 | |
| 
 | |
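<!-- Interface selinux_load_policy: lets the given domain load the policy into
     the kernel.
     NOTE(review): a domain with this access decides which rules the kernel
     enforces. Grant it only to the domains responsible for policy management,
     and review every new caller of this interface.
     The header cells were opened with <th> but closed with </td>; they are
     closed with </th> here. -->
<a name="link_selinux_load_policy"></a>
<div id="interface">
  <div id="codeblock">
    <b>selinux_load_policy</b>( domain )<br>
  </div>
  <div id="description">
    <h5>Summary</h5>
    <p>
      Allow caller to load the policy into the kernel.
    </p>

    <h5>Parameters</h5>
    <table border="1" cellspacing="0" cellpadding="3" width="80%">
      <tr><th>Parameter:</th><th>Description:</th><th>Optional:</th></tr>
      <tr>
        <td>domain</td>
        <td>The process type that will load the policy.</td>
        <td>No</td>
      </tr>
    </table>
  </div>
</div>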
 | |
| 
 | |
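<!-- Interface selinux_set_boolean: lets the given domain set Booleans, which
     enable or disable conditional portions of the policy. The second
     argument, booltype, is optional (shown in brackets in the signature).
     NOTE(review): the page does not say which Booleans are covered when
     booltype is omitted. Presumably the grant is then broader; confirm in the
     interface definition and prefer passing an explicit booltype.
     The "Optional" cell for booltype read "yes" while every other row uses a
     capitalised value; it is normalised to "Yes".
     The header cells were opened with <th> but closed with </td>; they are
     closed with </th> here. -->
<a name="link_selinux_set_boolean"></a>
<div id="interface">
  <div id="codeblock">
    <b>selinux_set_boolean</b>( domain , [ booltype ] )<br>
  </div>
  <div id="description">
    <h5>Summary</h5>
    <p>
      Allow caller to set the state of Booleans to
      enable or disable conditional portions of the policy.
    </p>

    <h5>Parameters</h5>
    <table border="1" cellspacing="0" cellpadding="3" width="80%">
      <tr><th>Parameter:</th><th>Description:</th><th>Optional:</th></tr>
      <tr>
        <td>domain</td>
        <td>The process type allowed to set the Boolean.</td>
        <td>No</td>
      </tr>
      <tr>
        <td>booltype</td>
        <td>The type of Booleans the caller is allowed to set.</td>
        <td>Yes</td>
      </tr>
    </table>
  </div>
</div>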
 | |
| 
 | |
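<!-- Interface selinux_set_enforce_mode: lets the given domain switch policy
     enforcement between enforcing and permissive mode.
     NOTE(review): in permissive mode denials are logged but not enforced, so
     a domain with this access can turn off enforcement for the whole system.
     Restrict it to administrative domains and monitor for mode changes.
     The header cells were opened with <th> but closed with </td>; they are
     closed with </th> here. -->
<a name="link_selinux_set_enforce_mode"></a>
<div id="interface">
  <div id="codeblock">
    <b>selinux_set_enforce_mode</b>( domain )<br>
  </div>
  <div id="description">
    <h5>Summary</h5>
    <p>
      Allow caller to set the mode of policy enforcement
      (enforcing or permissive mode).
    </p>

    <h5>Parameters</h5>
    <table border="1" cellspacing="0" cellpadding="3" width="80%">
      <tr><th>Parameter:</th><th>Description:</th><th>Optional:</th></tr>
      <tr>
        <td>domain</td>
        <td>The process type to allow to set the enforcement mode.</td>
        <td>No</td>
      </tr>
    </table>
  </div>
</div>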
 | |
| 
 | |
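<!-- Interface selinux_set_parameters: lets the given domain set SELinux
     security parameters.
     NOTE(review): the page does not say which parameters are meant. Check the
     interface definition before granting this, since the scope of the change
     a caller can make is not visible here.
     The header cells were opened with <th> but closed with </td>; they are
     closed with </th> here. -->
<a name="link_selinux_set_parameters"></a>
<div id="interface">
  <div id="codeblock">
    <b>selinux_set_parameters</b>( domain )<br>
  </div>
  <div id="description">
    <h5>Summary</h5>
    <p>
      Allow caller to set selinux security parameters.
    </p>

    <h5>Parameters</h5>
    <table border="1" cellspacing="0" cellpadding="3" width="80%">
      <tr><th>Parameter:</th><th>Description:</th><th>Optional:</th></tr>
      <tr>
        <td>domain</td>
        <td>The process type to allow to set security parameters.</td>
        <td>No</td>
      </tr>
    </table>
  </div>
</div>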
 | |
| 
 | |
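<!-- Interface selinux_unconfined: gives the given domain unconfined access to
     the SELinux security server.
     NOTE(review): this is the broadest grant on this page and presumably
     covers what the narrower interfaces here allow one by one (loading
     policy, changing the enforcement mode, setting Booleans); confirm in the
     interface definition. Prefer the narrower interfaces and audit every
     domain that is given this one.
     The header cells were opened with <th> but closed with </td>; they are
     closed with </th> here. -->
<a name="link_selinux_unconfined"></a>
<div id="interface">
  <div id="codeblock">
    <b>selinux_unconfined</b>( domain )<br>
  </div>
  <div id="description">
    <h5>Summary</h5>
    <p>
      Unconfined access to the SELinux security server.
    </p>

    <h5>Parameters</h5>
    <table border="1" cellspacing="0" cellpadding="3" width="80%">
      <tr><th>Parameter:</th><th>Description:</th><th>Optional:</th></tr>
      <tr>
        <td>domain</td>
        <td>Domain allowed access.</td>
        <td>No</td>
      </tr>
    </table>
  </div>
</div>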
 | |
| 
 | |
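<!-- Interface selinux_validate_context: per its summary, lets the given
     domain validate security contexts.
     The header cells were opened with <th> but closed with </td>; they are
     closed with </th> here. -->
<a name="link_selinux_validate_context"></a>
<div id="interface">
  <div id="codeblock">
    <b>selinux_validate_context</b>( domain )<br>
  </div>
  <div id="description">
    <h5>Summary</h5>
    <p>
      Allows caller to validate security contexts.
    </p>

    <h5>Parameters</h5>
    <table border="1" cellspacing="0" cellpadding="3" width="80%">
      <tr><th>Parameter:</th><th>Description:</th><th>Optional:</th></tr>
      <tr>
        <td>domain</td>
        <td>The process type permitted to validate contexts.</td>
        <td>No</td>
      </tr>
    </table>
  </div>
</div>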
 | |
| 
 | |
| 
 | |
| <a href=#top>Return</a>
 | |
| 
 | |
| 
 | |
| 
 | |
| </div>
 | |
| </body>
 | |
| </html>
 |