General system administration role
false
Allow sysadm to debug or ptrace all processes.
Execute a generic bin program in the sysadm domain.
Parameter: | Description: |
---|---|
domain |
Domain allowed access. |
Allow sysadm to execute a generic bin program in a specified domain. This is an explicit transition, requiring the caller to use setexeccon().
Allow sysadm to execute a generic bin program in a specified domain.
This is a interface to support third party modules and its use is not allowed in upstream reference policy.
Parameter: | Description: |
---|---|
domain |
Domain to execute in. |
Create keys for the sysadm domain.
Parameter: | Description: |
---|---|
domain |
Domain allowed access. |
create sysadm socket.
Parameter: | Description: |
---|---|
domain |
Domain allowed access. |
Send and receive messages from sysadm over dbus.
Parameter: | Description: |
---|---|
domain |
Domain allowed access. |
Send and receive messages from sysadm dbusd over dbus.
Parameter: | Description: |
---|---|
domain |
Domain allowed access. |
Execute all entrypoint files in the sysadm domain. This is an explicit transition, requiring the caller to use setexeccon().
Parameter: | Description: |
---|---|
domain |
Domain allowed access. |
Allow sysadm to execute all entrypoint files in a specified domain. This is an explicit transition, requiring the caller to use setexeccon().
Allow sysadm to execute all entrypoint files in a specified domain. This is an explicit transition, requiring the caller to use setexeccon().
This is a interface to support third party modules and its use is not allowed in upstream reference policy.
Parameter: | Description: |
---|---|
domain |
Domain allowed access. |
list sysadm home.
Parameter: | Description: |
---|---|
domain |
Domain allowed access. |
manage sysadm home .
Parameter: | Description: |
---|---|
domain |
Domain allowed access. |
read and write sysadm home .
Parameter: | Description: |
---|---|
domain |
Domain allowed access. |
search sysadm home.
Parameter: | Description: |
---|---|
domain |
Domain allowed access. |
allow passwd change.
Parameter: | Description: |
---|---|
role |
Role allowed access. |
Change to the system administrator role.
Parameter: | Description: |
---|---|
role |
Role allowed access. |
Change from the system administrator role.
Change from the system administrator role to the specified role.
This is an interface to support third party modules and its use is not allowed in upstream reference policy.
Parameter: | Description: |
---|---|
role |
Role allowed access. |
Read and write sysadm user unnamed pipes.
Parameter: | Description: |
---|---|
domain |
Domain allowed access. |
Execute a shell in the sysadm domain.
Parameter: | Description: |
---|---|
domain |
Domain allowed access. |
Send a SIGCHLD signal to sysadm users.
Parameter: | Description: |
---|---|
domain |
Domain allowed access. |
Allow to connectto sysadm unix_stream_socket.
Parameter: | Description: |
---|---|
domain |
Domain allowed access. |
read/write/create/bind sysadm_t unix_stream_socket
Parameter: | Description: |
---|---|
domain |
Domain allowed to access. |
Inherit and use sysadm file descriptors
Parameter: | Description: |
---|---|
domain |
Domain allowed access. |
Modified admin home directory type.
Parameter: | Description: |
---|---|
type |
Role allowed access. |