admin_domain
|
Defines a domain for an administrative user.
|
append_logdir_domain
|
Authorizes a specified domain to create, read, and append to logfiles
within its own specially labeled logging directory.
|
append_log_domain
|
Authorizes a specified domain to read and append to its own specially
labeled logfiles.
|
application_domain
|
Authorizes a specified domain to perform operations common to simple
applications.
|
base_file_read_access
|
Authorizes a specified domain to read and search several system file
types.
|
base_pty_perms
|
Authorizes a specified domain to access the pty master multiplexer
domain and to search /dev/pts.
|
base_user_domain
|
Defines a domain for a nonadministrative user.
|
can_create_other_pty
|
Authorizes a specified domain to create new ptys for another
specified domain.
|
can_create_pty
|
Authorizes a specified domain to create new ptys.
|
can_exec
|
Authorizes a specified domain to execute files having a specified
type (domain) without transitioning to a new domain.
|
can_exec_any
|
Authorizes a specified domain to execute a variety of executable
types.
|
can_getcon
|
Authorizes a specified domain to obtain its execution context.
|
can_getsecurity
|
Authorizes a specified domain to query the security server.
|
can_loadpol
|
Authorizes a specified domain to load a policy.
|
can_network
|
Authorizes a specified domain to access the network.
|
can_ps
|
Authorizes a process in a specified domain to see
/proc entries for processes in another specified
domain.
|
can_ptrace
|
Authorizes a specified domain to trace processes executing in another
specified domain.
|
can_setbool
|
Authorizes a specified domain to set a policy Boolean.
|
can_setenforce
|
Authorizes a specified domain to set the SELinux enforcement mode.
|
can_setexec
|
Authorizes a specified domain to set its exec
context.
|
can_setfscreate
|
Authorizes a domain to set its fscreate context.
|
can_sysctl
|
Authorizes a specified domain to modify sysctl
parameters.
|
can_tcp_connect
|
Authorizes a specified domain to establish a TCP connection with
another specified domain.
|
can_udp_send
|
Authorizes a specified domain to send UDP datagrams to another
specified domain.
|
can_unix_connect
|
Authorizes two specified domains to establish a Unix stream
connection.
|
can_unix_send
|
Authorizes a specified domain to send Unix datagrams to another
specified domain.
|
create_append_log_file
|
Authorizes a domain to read, write, and add names to directories and
create and append to files.
|
create_dir_file
|
Authorizes a specified domain to create and use directories and files.
|
create_dir_notdevfile
|
Defines access-vector rules for creating and using directories and
nondevice files.
|
create_dir_perms
|
Defines permissions needed to create and use directories.
|
create_file_perms
|
Defines permissions needed to create and use files.
|
create_msgq_perms
|
Defines permissions needed to create message queues and read and
write message queues and their attributes.
|
create_sem_perms
|
Defines permissions needed to create semaphores and read and write
semaphores and their attributes.
|
create_shm_perms
|
Defines permissions needed to create shared memory segments and read
and write shared memory segments and their attributes.
|
create_socket_perms
|
Defines permissions needed to create, read, write, and otherwise use
sockets.
|
create_stream_socket_perms
|
Defines permissions needed to create, read, write, and otherwise use
stream sockets.
|
daemon_base_domain
|
Authorizes a specified domain to perform a variety of operations
useful to daemons, including those authorized by
daemon_core_rules.
|
daemon_core_rules
|
Authorizes a specified domain to access a variety of types useful to
daemons.
|
daemon_domain
|
Authorizes a specified domain to use PID files.
|
daemon_sub_domain
|
Defines a child domain of a specified domain.
|
devfile_class_set
|
Defines a class that includes all device file classes.
|
dgram_socket_class_set
|
Defines a class that includes all datagram socket classes.
|
dir_file_class_set
|
Defines a class that includes all directory and file classes.
|
domain_auto_trans
|
Authorizes a specified domain to automatically transition to another
specified domain.
|
domain_trans
|
Authorizes a specified domain to transition to another specified
domain.
|
etcdir_domain
|
Authorizes a specified domain to read files within its own specially
labeled configuration subdirectory of directories labeled
etc_t.
|
etc_domain
|
Authorizes a specified domain to read its own specially labeled
configuration files residing in directories labeled
etc_t.
|
file_class_set
|
Defines a class including all nondirectory file classes.
|
file_type_auto_trans
|
Authorizes a specified domain to automatically label with a specified
type files created within directories having another specified type.
|
file_type_trans
|
Authorizes a specified domain to label with a specified type files
created within directories having another specified type.
|
full_user_role
|
Defines a role for a user who logs in to the system and has full user
status.
|
general_domain_access
|
Authorizes a specified domain to access processes, PID files, file
descriptors, pipes, Unix sockets, and IPC objects belonging to the
domain.
|
general_proc_read_access
|
Authorizes a specified domain to access most nodes in the
/proc filesystem.
|
init_service_domain
|
Authorizes a specified domain to perform operations useful to
programs that are run from init.
|
in_user_role
|
Defines a type as accessible to the user_r and
staff_r roles.
|
link_file_perms
|
Defines permissions needed to link, unlink, and rename files.
|
lock_domain
|
Authorizes a specified domain to use its own specially labeled lock
files within directories labeled var_lock_t.
|
logdir_domain
|
Authorizes a specified domain to create private logfiles.
|
log_domain
|
Authorizes a specified domain to use files having type
var_log_t.
|
mini_user_domain
|
Defines a simple domain for a nonadministrative user having minimal
privileges.
|
mount_fs_perms
|
Defines permissions needed to mount and unmount filesystems.
|
notdevfile_class_set
|
Defines a class including all nondevice file classes.
|
packet_perms
|
Defines permissions needed to send and receive network packets.
|
pty_slave_label
|
Authorizes a specified domain to access a slave pty, but not to
create new ptys.
|
r_dir_file
|
Authorizes a specified domain to read directories and files.
|
r_dir_perms
|
Defines permissions needed to read directories and directory
attributes.
|
r_file_perms
|
Defines permissions needed to read files and file attributes.
|
r_msgq_perms
|
Defines permissions needed to read message queues and message queue
attributes.
|
r_sem_perms
|
Defines permissions needed to read semaphores and semaphore
attributes.
|
r_shm_perms
|
Defines permissions needed to read shared memory segments and shared
memory segment attributes.
|
ra_dir_create_file
|
Defines access-vector rules for reading directories and files,
creating and appending to files, and adding names to directories.
|
ra_dir_file
|
Defines access vector rules for reading directories and files,
appending to files, and adding names to directories.
|
ra_dir_perms
|
Defines permissions needed to read directories and add names to
directories.
|
ra_file_perms
|
Defines permissions needed to read and append to files.
|
read_locale
|
Authorizes a specified domain to read the locale data,
/etc/localtime, and the file to which it links.
|
read_sysctl
|
Authorizes a specified domain to read sysctl
variables.
|
rw_dir_create_file
|
Authorizes a specified domain to read and write directories and
create and use files.
|
rw_dir_file
|
Defines access vector rules for reading and writing files and
directories.
|
rw_dir_perms
|
Defines permissions needed to read and write directories and
directory attributes.
|
rw_file_perms
|
Defines permissions needed to read and write files and file
attributes.
|
rw_msgq_perms
|
Defines permissions needed to read and write message queues and their
attributes.
|
rw_sem_perms
|
Defines permissions needed to read and write semaphores and their
attributes.
|
rw_shm_perms
|
Defines permissions needed to read and write shared memory segments
and their attributes.
|
rw_socket_perms
|
Defines permissions needed to read, write, and otherwise use (but not
create) sockets.
|
rw_stream_socket_perms
|
Defines permissions needed to read, write, and otherwise use (but not
create) stream sockets.
|
rx_file_perms
|
Defines permissions needed to read and execute files.
|
signal_perms
|
Defines permissions needed to send signals to processes.
|
socket_class_set
|
Defines a class including all socket classes.
|
stat_file_perms
|
Defines permissions needed to get file attributes.
|
stream_socket_class_set
|
Defines a class including all stream socket classes.
|
system_domain
|
Authorizes a specified domain to use shared libraries, the system
log, access system administration files, and perform other operations
common to system processes.
|
tmp_domain
|
Authorizes a specified domain to create and use files having type
tmp_t.
|
tmpfs_domain
|
Authorizes a specified domain to create and use files having type
tmpfs_t.
|
unconfined_domain
|
Authorize a domain to perform any operation permitted by Linux DAC,
effectively bypassing all SELinux policy checks.
|
unpriv_socket_class_set
|
Defines a class including all nonprivileged socket classes (excludes
rawip-, netlink-, and packet-related classes).
|
user_application_domain
|
Authorizes a specified domain to perform operations common to simple
applications and defines the domain as a user domain.
|
user_domain
|
Defines a domain for a nonadministrative user.
|
uses_authbind
|
Authorizes a specified domain to use services provided by the
authbind_t domain.
|
uses_shlib
|
Authorizes a specified domain to use shared libraries.
|
var_lib_domain
|
Authorizes a specified domain to use files having type
var_lib_t.
|
var_run_domain
|
Authorizes a specified domain to create files in
/var/run files and other directories created for
the domain.
|
x_file_perms
|
Defines permissions needed to execute files.
|
