Layer: services

Module: xserver

Description:

X Windows Server


Tunables:

allow_write_xshm
Default value

false

Description

Allows clients to write to the X server shared memory segments.

selinuxuser_direct_dri_enabled
Default value

false

Description

Allow regular users direct dri device access

xdm_exec_bootloader
Default value

false

Description

Allow the graphical login program to execute bootloader

xdm_sysadm_login
Default value

true

Description

Allow xdm logins as sysadm

xdm_write_home
Default value

false

Description

Allow the graphical login program to create files in HOME dirs as xdm_home_t.

xserver_execmem
Default value

false

Description

Allows XServer to execute writable memory

xserver_object_manager
Default value

false

Description

Support X userspace object manager

Interfaces:

xserver_create_console_pipes( domain )
Summary

Create the X windows console named pipes.

Parameters
Parameter:Description:
domain

Domain allowed access.

xserver_create_xdm_tmp_dir( domain )
Summary

Create xdm_tmp_t directories

Parameters
Parameter:Description:
domain

Domain to allow

xserver_create_xdm_tmp_sockets( domain )
Summary

Create and unlink a named socket in an XDM temporary directory.

Parameters
Parameter:Description:
domain

Domain allowed access.

xserver_delete_log( domain )
Summary

Delete X server log files.

Parameters
Parameter:Description:
domain

Domain allowed access.

xserver_domtrans( domain )
Summary

Execute the X server in the X server domain.

Parameters
Parameter:Description:
domain

Domain allowed to transition.

xserver_domtrans_xauth( domain )
Summary

Transition to the Xauthority domain.

Parameters
Parameter:Description:
domain

Domain allowed to transition.

xserver_dontaudit_getattr_xdm_tmp_sockets( domain )
Summary

Do not audit attempts to get the attributes of xdm temporary named sockets.

Parameters
Parameter:Description:
domain

Domain to not audit.

xserver_dontaudit_read_xdm_tmp_files( domain )
Summary

Do not audit attempts to read xdm temporary files.

Parameters
Parameter:Description:
domain

Domain to not audit.

xserver_dontaudit_rw_stream_sockets( domain )
Summary

Do not audit attempts to read and write X server unix domain stream sockets.

Parameters
Parameter:Description:
domain

Domain to not audit.

xserver_dontaudit_rw_tcp_sockets( domain )
Summary

Do not audit attempts to read and write to X server sockets.

Parameters
Parameter:Description:
domain

Domain to not audit.

xserver_dontaudit_rw_xdm_pipes( domain )
Summary

Do not audit attempts to read and write XDM unnamed pipes.

Parameters
Parameter:Description:
domain

Domain to not audit.

xserver_dontaudit_use_xdm_fds( domain )
Summary

Do not audit attempts to inherit XDM file descriptors.

Parameters
Parameter:Description:
domain

Domain to not audit.

xserver_dontaudit_write_log( domain )
Summary

Do not audit attempts to write the X server log files.

Parameters
Parameter:Description:
domain

Domain to not audit.

xserver_filetrans_admin_home_content( domain )
Summary

Create xserver content in admin home directory with a named file transition.

Parameters
Parameter:Description:
domain

Domain allowed access.

xserver_filetrans_home_content( domain )
Summary

Transition to xserver named content

Parameters
Parameter:Description:
domain

Domain allowed access.

xserver_getattr_log( domain )
Summary

Get the attributes of X server logs.

Parameters
Parameter:Description:
domain

Domain allowed access.

xserver_iceauth_home_read( domain )
Summary

Read iceauth_home_t files.

Parameters
Parameter:Description:
domain

Domain allowed access.

xserver_kill( domain )
Summary

Kill X servers

Parameters
Parameter:Description:
domain

Domain allowed access.

xserver_manage_core_devices( domain )
Summary

Interface to provide X object permissions on a given X server to an X client domain. Gives the domain permission to read the virtual core keyboard and virtual core pointer devices.

Parameters
Parameter:Description:
domain

Domain allowed access.

xserver_manage_xdm_home_files( domain )
Summary

Manage XDM home files.

Parameters
Parameter:Description:
domain

Domain allowed access.

xserver_manage_xdm_lib_files( domain )
Summary

Manage XDM var lib files.

Parameters
Parameter:Description:
domain

Domain allowed access.

xserver_manage_xdm_spool_files( domain )
Summary

Create, read, write, and delete xdm_spool files.

Parameters
Parameter:Description:
domain

Domain allowed access.

xserver_manage_xdm_tmp_files( domain )
Summary

Create, read, write, and delete xdm temporary files.

Parameters
Parameter:Description:
domain

Domain allowed access.

xserver_manage_xdm_tmpfs( domain )
Summary

Manage xdm tmpfs files.

Parameters
Parameter:Description:
domain

Domain allowed access.

xserver_non_drawing_client( domain )
Summary

Create non-drawing client sessions on an X server.

Parameters
Parameter:Description:
domain

Domain allowed access.

xserver_proc_files( domain )
Summary

Read and open files on x server.

Parameters
Parameter:Description:
domain

Domain allowed access.

xserver_read_tmp_files( domain )
Summary

Read X server temporary files.

Parameters
Parameter:Description:
domain

Domain allowed access.

xserver_read_user_fonts( domain )
Summary

Read user_fonts_t.

Parameters
Parameter:Description:
domain

Domain allowed to transition.

xserver_read_user_xauth( domain )
Summary

Read all users .Xauthority.

Parameters
Parameter:Description:
domain

Domain allowed access.

xserver_read_xdm_etc_files( domain )
Summary

Read xdm config files.

Parameters
Parameter:Description:
domain

Domain to not audit

xserver_read_xdm_lib_files( domain )
Summary

Read XDM var lib files.

Parameters
Parameter:Description:
domain

Domain allowed access.

xserver_read_xdm_pid( domain )
Summary

Read XDM pid files.

Parameters
Parameter:Description:
domain

Domain allowed access.

xserver_read_xdm_rw_config( domain )
Summary

Read xdm-writable configuration files.

Parameters
Parameter:Description:
domain

Domain allowed access.

xserver_read_xdm_state( domain )
Summary

Read xdm process state files.

Parameters
Parameter:Description:
domain

Domain allowed access.

xserver_read_xdm_tmp_files( domain )
Summary

Read xdm temporary files.

Parameters
Parameter:Description:
domain

Domain allowed access.

xserver_read_xdm_tmpfs( domain )
Summary

Read xdm tmpfs files.

Parameters
Parameter:Description:
domain

Domain allowed access.

xserver_read_xkb_libs( domain )
Summary

Read X keyboard extension libraries.

Parameters
Parameter:Description:
domain

Domain allowed access.

xserver_relabel_setattr_xconsole_pipes( domain )
Summary

Label the X windows console named pipes.

Parameters
Parameter:Description:
domain

Domain allowed access.

xserver_restricted_role( role , domain )
Summary

Rules required for using the X Windows server and environment, for restricted users.

Parameters
Parameter:Description:
role

Role allowed access.

domain

Domain allowed access.

xserver_ro_session( domain , tmpfs_type )
Summary

Create sessions on the X server, with read-only access to the X server shared memory segments.

Parameters
Parameter:Description:
domain

Domain allowed access.

tmpfs_type

The type of the domain SYSV tmpfs files.

xserver_role( role , domain )
Summary

Rules required for using the X Windows server and environment.

Parameters
Parameter:Description:
role

Role allowed access.

domain

Domain allowed access.

xserver_run( role , domain )
Summary

Execute X server in xserver domain.

Parameters
Parameter:Description:
role

Associated role with type.

domain

Domain allowed to transition.

xserver_rw_console( domain )
Summary

Read and write the X windows console named pipe.

Parameters
Parameter:Description:
domain

Domain allowed access.

xserver_rw_session( domain , tmpfs_type )
Summary

Create sessions on the X server, with read and write access to the X server shared memory segments.

Parameters
Parameter:Description:
domain

Domain allowed access.

tmpfs_type

The type of the domain SYSV tmpfs files.

xserver_rw_shm( domain )
Summary

Read and write X server Sys V Shared memory segments.

Parameters
Parameter:Description:
domain

Domain allowed access.

xserver_rw_xdm_pipes( domain )
Summary

Read and write XDM unnamed pipes.

Parameters
Parameter:Description:
domain

Domain allowed access.

xserver_rw_xdm_sem( domain )
Summary

Read and write xdm_t sem.

Parameters
Parameter:Description:
domain

Domain allowed access.

xserver_rw_xdm_tmp_files( domain )
Summary

Read and write xdm temporary files.

Parameters
Parameter:Description:
domain

Domain allowed access.

xserver_search_xdm_tmp( domain )
Summary

Search xdm_tmp_t directories

Parameters
Parameter:Description:
domain

Domain to allow

xserver_setattr_console_pipes( domain )
Summary

Set the attributes of the X windows console named pipes.

Parameters
Parameter:Description:
domain

Domain allowed access.

xserver_setattr_xdm_tmp_dirs( domain )
Summary

Set the attributes of XDM temporary directories.

Parameters
Parameter:Description:
domain

Domain allowed access.

xserver_signal( domain )
Summary

Signal X servers

Parameters
Parameter:Description:
domain

Domain allowed access.

xserver_stream_connect( domain )
Summary

Connect to the X server over a unix domain stream socket.

Parameters
Parameter:Description:
domain

Domain allowed access.

xserver_stream_connect_xdm( domain )
Summary

Connect to XDM over a unix domain stream socket.

Parameters
Parameter:Description:
domain

Domain allowed access.

xserver_unconfined( domain )
Summary

Interface to provide X object permissions on a given X server to an X client domain. Gives the domain complete control over the display.

Parameters
Parameter:Description:
domain

Domain allowed access.

xserver_use_all_users_fonts( domain )
Summary

Read all users fonts, user font configurations, and manage all users font caches.

Parameters
Parameter:Description:
domain

Domain allowed access.

xserver_use_fds( domain )
Summary

Use file descriptors for xdm.

Parameters
Parameter:Description:
domain

Domain allowed access.

xserver_use_user_fonts( domain )
Summary

Read user fonts, user font configuration, and manage the user font cache.

Description

Read user fonts, user font configuration, and manage the user font cache.

This is a templated interface, and should only be called from a per-userdomain template.

Parameters
Parameter:Description:
domain

Domain allowed access.

xserver_use_xdm_fds( domain )
Summary

Use file descriptors for xdm.

Parameters
Parameter:Description:
domain

Domain allowed access.

xserver_user_client( domain , tmpfs_type )
Summary

Create full client sessions on a user X server.

Parameters
Parameter:Description:
domain

Domain allowed access.

tmpfs_type

The type of the domain SYSV tmpfs files.

xserver_user_home_dir_filetrans_user_xauth( domain )
Summary

Create an Xauthority file in the user home directory.

Parameters
Parameter:Description:
domain

Domain allowed access.

xserver_write_log( domain )
Summary

Write logs to X server.

Parameters
Parameter:Description:
domain

Domain allowed access.

xserver_xdm_initrc_domtrans( domain )
Summary

Execute xdm in the xdm domain.

Parameters
Parameter:Description:
domain

Domain allowed to transition.

xserver_xdm_sigchld( domain )
Summary

Allow domain to send sigchld to xdm_t

Parameters
Parameter:Description:
domain

Domain allowed access.

xserver_xsession_entry_type( domain )
Summary

Make an X session script an entrypoint for the specified domain.

Parameters
Parameter:Description:
domain

The domain for which the shell is an entrypoint.

xserver_xsession_spec_domtrans( domain , target_domain )
Summary

Execute an X session in the target domain. This is an explicit transition, requiring the caller to use setexeccon().

Description

Execute an Xsession in the target domain. This is an explicit transition, requiring the caller to use setexeccon().

No interprocess communication (signals, pipes, etc.) is provided by this interface since the domains are not owned by this module.

Parameters
Parameter:Description:
domain

Domain allowed to transition.

target_domain

The type of the shell process.

Templates:

xserver_common_x_domain_template( prefix , domain )
Summary

Interface to provide X object permissions on a given X server to an X client domain. Provides the minimal set required by a basic X client application.

Parameters
Parameter:Description:
prefix

The prefix of the X client domain (e.g., user is the prefix for user_t).

domain

Client domain allowed access.

xserver_object_types_template( prefix )
Summary

Template for creating the set of types used in an X windows domain.

Parameters
Parameter:Description:
prefix

The prefix of the X client domain (e.g., user is the prefix for user_t).

xserver_user_x_domain_template( prefix , domain , tmpfs_type )
Summary

Interface to provide X object permissions on a given X server to an X client domain. Provides the minimal set required by a basic X client application.

Parameters
Parameter:Description:
prefix

The prefix of the X client domain (e.g., user is the prefix for user_t).

domain

Client domain allowed access.

tmpfs_type

The type of the domain SYSV tmpfs files.

xserver_user_x_domain_template_kylin( prefix , domain , tmpfs_type )
Summary

Interface to provide X object permissions on a given X server to an X client domain. Provides the minimal set required by a basic X client application.

Parameters
Parameter:Description:
prefix

The prefix of the X client domain (e.g., user is the prefix for user_t).

domain

Client domain allowed access.

tmpfs_type

The type of the domain SYSV tmpfs files.
