X Windows Server
false
Allows clients to write to the X server shared memory segments.
false
Allow regular users direct dri device access
false
Allow the graphical login program to execute bootloader
true
Allow xdm logins as sysadm
false
Allow the graphical login program to create files in HOME dirs as xdm_home_t.
false
Allows XServer to execute writable memory
false
Support X userspace object manager
Create the X windows console named pipes.
Parameter: | Description: |
---|---|
domain |
Domain allowed access. |
Create xdm_tmp_t directories
Parameter: | Description: |
---|---|
domain |
Domain to allow |
Create and unlink a named socket in a XDM temporary directory.
Parameter: | Description: |
---|---|
domain |
Domain allowed access. |
Delete X server log files.
Parameter: | Description: |
---|---|
domain |
Domain allowed access. |
Execute the X server in the X server domain.
Parameter: | Description: |
---|---|
domain |
Domain allowed to transition. |
Transition to the Xauthority domain.
Parameter: | Description: |
---|---|
domain |
Domain allowed to transition. |
Do not audit attempts to get the attributes of xdm temporary named sockets.
Parameter: | Description: |
---|---|
domain |
Domain to not audit. |
Do not audit attempts to read xdm temporary files.
Parameter: | Description: |
---|---|
domain |
Domain to not audit. |
Do not audit attempts to read and write X server unix domain stream sockets.
Parameter: | Description: |
---|---|
domain |
Domain to not audit. |
Do not audit attempts to read and write to X server sockets.
Parameter: | Description: |
---|---|
domain |
Domain to not audit. |
Do not audit attempts to read and write XDM unnamed pipes.
Parameter: | Description: |
---|---|
domain |
Domain to not audit. |
Do not audit attempts to inherit XDM file descriptors.
Parameter: | Description: |
---|---|
domain |
Domain to not audit. |
Do not audit attempts to write the X server log files.
Parameter: | Description: |
---|---|
domain |
Domain to not audit. |
Create xserver content in admin home directory with a named file transition.
Parameter: | Description: |
---|---|
domain |
Domain allowed access. |
Transition to xserver named content
Parameter: | Description: |
---|---|
domain |
Domain allowed access. |
Get the attributes of X server logs.
Parameter: | Description: |
---|---|
domain |
Domain allowed access. |
read iceauth_home_t files.
Parameter: | Description: |
---|---|
domain |
Domain allowed access. |
Kill X servers
Parameter: | Description: |
---|---|
domain |
Domain allowed access. |
Interface to provide X object permissions on a given X server to an X client domain. Gives the domain permission to read the virtual core keyboard and virtual core pointer devices.
Parameter: | Description: |
---|---|
domain |
Domain allowed access. |
Manage XDM home files.
Parameter: | Description: |
---|---|
domain |
Domain allowed access. |
Manage XDM var lib files.
Parameter: | Description: |
---|---|
domain |
Domain allowed access. |
Create, read, write, and delete xdm_spool files.
Parameter: | Description: |
---|---|
domain |
Domain allowed access. |
Create, read, write, and delete xdm temporary files.
Parameter: | Description: |
---|---|
domain |
Domain allowed access. |
Manage xdm tmpfs files.
Parameter: | Description: |
---|---|
domain |
Domain allowed access. |
Create non-drawing client sessions on an X server.
Parameter: | Description: |
---|---|
domain |
Domain allowed access. |
Read and open files on x server.
Parameter: | Description: |
---|---|
domain |
Domain allowed access. |
Read X server temporary files.
Parameter: | Description: |
---|---|
domain |
Domain allowed access. |
read user_fonts_t.
Parameter: | Description: |
---|---|
domain |
Domain allowed to transition. |
Read all users .Xauthority.
Parameter: | Description: |
---|---|
domain |
Domain allowed access. |
Read xdm config files.
Parameter: | Description: |
---|---|
domain |
Domain to not audit |
Read XDM var lib files.
Parameter: | Description: |
---|---|
domain |
Domain allowed access. |
Read XDM pid files.
Parameter: | Description: |
---|---|
domain |
Domain allowed access. |
Read xdm-writable configuration files.
Parameter: | Description: |
---|---|
domain |
Domain allowed access. |
Read xdm process state files.
Parameter: | Description: |
---|---|
domain |
Domain allowed access. |
Read xdm temporary files.
Parameter: | Description: |
---|---|
domain |
Domain allowed access. |
read xdm tmpfs files.
Parameter: | Description: |
---|---|
domain |
Domain allowed access. |
Read X keyboard extension libraries.
Parameter: | Description: |
---|---|
domain |
Domain allowed access. |
Label the X windows console named pipes.
Parameter: | Description: |
---|---|
domain |
Domain allowed access. |
Rules required for using the X Windows server and environment, for restricted users.
Parameter: | Description: |
---|---|
role |
Role allowed access. |
domain |
Domain allowed access. |
Create sessions on the X server, with read-only access to the X server shared memory segments.
Parameter: | Description: |
---|---|
domain |
Domain allowed access. |
tmpfs_type |
The type of the domain SYSV tmpfs files. |
Rules required for using the X Windows server and environment.
Parameter: | Description: |
---|---|
role |
Role allowed access. |
domain |
Domain allowed access. |
execute X server in xserver domain
Parameter: | Description: |
---|---|
role |
Assocaited role with type. |
domain |
Domain allowed to transition. |
Read and write the X windows console named pipe.
Parameter: | Description: |
---|---|
domain |
Domain allowed access. |
Create sessions on the X server, with read and write access to the X server shared memory segments.
Parameter: | Description: |
---|---|
domain |
Domain allowed access. |
tmpfs_type |
The type of the domain SYSV tmpfs files. |
Read and write X server Sys V Shared memory segments.
Parameter: | Description: |
---|---|
domain |
Domain allowed access. |
Read and write XDM unnamed pipes.
Parameter: | Description: |
---|---|
domain |
Domain allowed access. |
Read and write xdm_t sem.
Parameter: | Description: |
---|---|
domain |
Domain allowed access. |
Read write xdm temporary files.
Parameter: | Description: |
---|---|
domain |
Domain allowed access. |
Search xdm_tmp_t directories
Parameter: | Description: |
---|---|
domain |
Domain to allow |
Set the attributes of the X windows console named pipes.
Parameter: | Description: |
---|---|
domain |
Domain allowed access. |
Set the attributes of XDM temporary directories.
Parameter: | Description: |
---|---|
domain |
Domain allowed access. |
Signal X servers
Parameter: | Description: |
---|---|
domain |
Domain allowed access. |
Connect to the X server over a unix domain stream socket.
Parameter: | Description: |
---|---|
domain |
Domain allowed access. |
Connect to XDM over a unix domain stream socket.
Parameter: | Description: |
---|---|
domain |
Domain allowed access. |
Interface to provide X object permissions on a given X server to an X client domain. Gives the domain complete control over the display.
Parameter: | Description: |
---|---|
domain |
Domain allowed access. |
Read all users fonts, user font configurations, and manage all users font caches.
Parameter: | Description: |
---|---|
domain |
Domain allowed access. |
Use file descriptors for xdm.
Parameter: | Description: |
---|---|
domain |
Domain allowed access. |
Read user fonts, user font configuration, and manage the user font cache.
Read user fonts, user font configuration, and manage the user font cache.
This is a templated interface, and should only be called from a per-userdomain template.
Parameter: | Description: |
---|---|
domain |
Domain allowed access. |
Use file descriptors for xdm.
Parameter: | Description: |
---|---|
domain |
Domain allowed access. |
Create full client sessions on a user X server.
Parameter: | Description: |
---|---|
domain |
Domain allowed access. |
tmpfs_type |
The type of the domain SYSV tmpfs files. |
Create a Xauthority file in the user home directory.
Parameter: | Description: |
---|---|
domain |
Domain allowed access. |
Write logs to X server.
Parameter: | Description: |
---|---|
domain |
Domain allowed access. |
Execute xdm in the xdm domain.
Parameter: | Description: |
---|---|
domain |
Domain allowed to transition. |
Allow domain to send sigchld to xdm_t
Parameter: | Description: |
---|---|
domain |
Domain allowed access. |
Make an X session script an entrypoint for the specified domain.
Parameter: | Description: |
---|---|
domain |
The domain for which the shell is an entrypoint. |
Execute an X session in the target domain. This is an explicit transition, requiring the caller to use setexeccon().
Execute an Xsession in the target domain. This is an explicit transition, requiring the caller to use setexeccon().
No interprocess communication (signals, pipes, etc.) is provided by this interface since the domains are not owned by this module.
Parameter: | Description: |
---|---|
domain |
Domain allowed to transition. |
target_domain |
The type of the shell process. |
Interface to provide X object permissions on a given X server to an X client domain. Provides the minimal set required by a basic X client application.
Parameter: | Description: |
---|---|
prefix |
The prefix of the X client domain (e.g., user is the prefix for user_t). |
domain |
Client domain allowed access. |
Template for creating the set of types used in an X windows domain.
Parameter: | Description: |
---|---|
prefix |
The prefix of the X client domain (e.g., user is the prefix for user_t). |
Interface to provide X object permissions on a given X server to an X client domain. Provides the minimal set required by a basic X client application.
Parameter: | Description: |
---|---|
prefix |
The prefix of the X client domain (e.g., user is the prefix for user_t). |
domain |
Client domain allowed access. |
tmpfs_type |
The type of the domain SYSV tmpfs files. |
Interface to provide X object permissions on a given X server to an X client domain. Provides the minimal set required by a basic X client application.
Parameter: | Description: |
---|---|
prefix |
The prefix of the X client domain (e.g., user is the prefix for user_t). |
domain |
Client domain allowed access. |
tmpfs_type |
The type of the domain SYSV tmpfs files. |