Policy for user domains
Default: | Description: |
---|---|
false | Allow users to connect to mysql |
false | Allow users to connect to PostgreSQL |
false | Allow regular users direct mouse access |
false | Allow users to read system messages. |
true | Allow user to exec files on filesystems that do not have extended attributes (FAT, CDROM, FLOPPY) |
true | Allow user to read files on filesystems that do not have extended attributes (FAT, CDROM, FLOPPY) |
true | Allow user to read files on filesystems with type unlabeled_t (ext4, squashfs) |
true | Allow user to r/w files on filesystems that do not have extended attributes (FAT, CDROM, FLOPPY) |
true | Allow user to r/w files on filesystems with type unlabeled_t (ext4, squashfs) |
false | Allow w to display everyone |
Create objects in all home directories with an automatic type transition to a specified private type.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
private_type | The type of the object to create. |
object_class | The class of the object to be created. |
name | The name of the object being created. |
Create objects in a user home directory with an automatic type transition to the user home file type.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
object_class | The class of the object to be created. |
name | The name of the object being created. |
Create objects under all home directories with an automatic type transition to a specified private type.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
private_type | The type of the object to create. |
object_class | The class of the object to be created. |
name | The name of the object being created. |
Allow append on inherited user home files.
Parameter: | Description: |
---|---|
domain | Domain to allow. |
Allow domain to attach to TUN devices created by administrative users.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Create objects in the auditadm home directory with an automatic type transition to a specified private type.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
private_type | The type of the object to create. |
object_class | The class of the object to be created. |
name | The name of the object being created. |
Create objects in an auditadm home directory with an automatic type transition to the audit home file type.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
object_class | The class of the object to be created. |
name | The name of the object being created. |
Create objects under the auditadm home directory with an automatic type transition to a specified private type.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
private_type | The type of the object to create. |
object_class | The class of the object to be created. |
name | The name of the object being created. |
Execute bin_t in the unprivileged user domains. This is an explicit transition, requiring the caller to use setexeccon().
Parameter: | Description: |
---|---|
domain | Domain allowed to transition. |
Create keys for all user domains.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Manage network sockets.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Create user home directories.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Create a user pty.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Create named sockets in the temporary directory (/tmp).
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Send a dbus message to all user domains.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Delete all home content directories.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Delete all user home content files.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Delete all user home content symbolic links.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Delete auditadm home content directories.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Delete all auditadm home content symbolic links.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Delete secadm home content directories.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Delete all secadm home content symbolic links.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Delete sysadm home content directories.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Delete all sysadm home content symbolic links.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Delete user home content directories.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Delete files in a user home subdirectory.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Delete symbolic links in a user home directory.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Delete named sockets in the temporary directory (/tmp).
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Delete user tmpfs files.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Do not audit attempts to append user home files.
Parameter: | Description: |
---|---|
domain | Domain to not audit. |
Do not audit attempts to append users temporary files.
Parameter: | Description: |
---|---|
domain | Domain to not audit. |
Do not audit attempts to execute user home files.
Parameter: | Description: |
---|---|
domain | Domain to not audit. |
Do not audit attempts to get the attributes of user home directories.
Parameter: | Description: |
---|---|
domain | Domain to not audit. |
Do not audit attempts to get the attributes of a user domain tty.
Parameter: | Description: |
---|---|
domain | Domain to not audit. |
Do not audit attempts to list user home subdirectories.
Parameter: | Description: |
---|---|
domain | Domain to not audit. |
Do not audit attempts to list user temporary directories.
Parameter: | Description: |
---|---|
domain | Domain to not audit. |
Do not audit attempts to create, read, write, and delete directories in a user home subdirectory.
Parameter: | Description: |
---|---|
domain | Domain to not audit. |
Do not audit attempts to manage users temporary directories.
Parameter: | Description: |
---|---|
domain | Domain to not audit. |
Do not audit attempts to manage users temporary files.
Parameter: | Description: |
---|---|
domain | Domain to not audit. |
Do not audit attempts to read user home files.
Parameter: | Description: |
---|---|
domain | Domain to not audit. |
Do not audit attempts to read users temporary files.
Parameter: | Description: |
---|---|
domain | Domain to not audit. |
Do not audit attempts to write user home files.
Parameter: | Description: |
---|---|
domain | Domain to not audit. |
Do not audit attempts to relabel files from user pty types.
Parameter: | Description: |
---|---|
domain | Domain to not audit. |
Do not audit attempts to read and write userdomain streams.
Parameter: | Description: |
---|---|
domain | Domain to not audit. |
Do not audit attempts to search the admin directory.
Parameter: | Description: |
---|---|
domain | Domain to not audit. |
Do not audit attempts to search user home content directories.
Parameter: | Description: |
---|---|
domain | Domain to not audit. |
Do not audit attempts to search user home directories. This will suppress SELinux denial messages when the specified domain is denied the permission to search these directories.
Parameter: | Description: |
---|---|
domain | Domain to not audit. |
Do not audit attempts to set the attributes of user home files.
Parameter: | Description: |
---|---|
domain | Domain to not audit. |
Do not audit attempts to set the attributes of a user domain tty.
Parameter: | Description: |
---|---|
domain | Domain to not audit. |
Do not audit attempts to inherit the file descriptors from any user domains.
Parameter: | Description: |
---|---|
domain | Domain to not audit. |
Do not audit attempts to inherit the file descriptors from unprivileged user domains. This will suppress SELinux denial messages when the specified domain is denied the permission to inherit these file descriptors.
Parameter: | Description: |
---|---|
domain | Domain to not audit. |
Do not audit attempts to use user ptys.
Parameter: | Description: |
---|---|
domain | Domain to not audit. |
Do not audit attempts to read and write a user domain tty and pty.
Parameter: | Description: |
---|---|
domain | Domain to not audit. |
Do not audit attempts to use user ttys.
Parameter: | Description: |
---|---|
domain | Domain to not audit. |
Do not audit attempts to write user home files.
Parameter: | Description: |
---|---|
domain | Domain to not audit. |
Do not audit attempts to write users temporary files.
Parameter: | Description: |
---|---|
domain | Domain to not audit. |
Execute all entrypoint files in unprivileged user domains. This is an explicit transition, requiring the caller to use setexeccon().
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Execute all home files.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Execute auditadm home files.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Execute secadm home files.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Execute spec home files.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Execute sysadm home files.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Execute user home files.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Execute user temporary files.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Execute user temporary named sockets.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Execute generic user tmpfs files.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Get the attributes of all user domains.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Get the attributes of user home directories.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Get the attributes of a user domain tty.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Create directories in the home dir root with the user home directory type.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
name | The name of the object being created. |
Associate a type with the userdom_home_manager_type attribute.
Parameter: | Description: |
---|---|
type | Attribute type. |
Send kill signals to all user domains.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
List all users home content directories.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
List auditadm users home content directories.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
List secadm home content directories.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
List sysadm home content directories.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
List users home content directories.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
List user home directories.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
List user temporary directories.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Create, read, write, and delete directories in all home subdirectories.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Create, read, write, and delete files in all home subdirectories.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Create, read, write, and delete named pipes in all home subdirectories.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Create, read, write, and delete named sockets in all home subdirectories.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Create, read, write, and delete symbolic links in all home subdirectories.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Create on all home directories.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Create, read, write, and delete directories in the auditadm home subdirectory.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Create, read, write, and delete files in the auditadm home subdirectory.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Create, read, write, and delete named pipes in the auditadm home subdirectory.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Create, read, write, and delete named sockets in the auditadm home subdirectory.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Create, read, write, and delete symbolic links in the auditadm home subdirectory.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Create on auditadm home directories.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Create, read, write, and delete directories in the secadm home subdirectory.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Create, read, write, and delete files in the secadm home subdirectory.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Create, read, write, and delete named pipes in the secadm home subdirectory.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Create, read, write, and delete named sockets in the secadm home subdirectory.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Create, read, write, and delete symbolic links in the secadm home subdirectory.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Create on secadm home directories.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Create, read, write, and delete directories in the spec home subdirectory.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Create, read, write, and delete files in the spec home subdirectory.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Create, read, write, and delete directories in the sysadm home subdirectory.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Create, read, write, and delete files in the sysadm home subdirectory.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Create, read, write, and delete named pipes in the sysadm home subdirectory.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Create, read, write, and delete named sockets in the sysadm home subdirectory.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Create, read, write, and delete symbolic links in the sysadm home subdirectory.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Create on sysadm home directories.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Manage user temporary files.
Parameter: | Description: |
---|---|
role | Role allowed access. |
domain | Domain allowed access. |
Role access for the user tmpfs type, to which the user has full access.
This does not allow execute access.
Parameter: | Description: |
---|---|
role | Role allowed access. |
domain | Domain allowed access. |
Domain access for the user tmpfs type socket file.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Manage unprivileged user SysV semaphores.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Manage unprivileged user SysV shared memory segments.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Create, read, write, and delete directories in a user home subdirectory.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Create, read, write, and delete files in a user home subdirectory.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Create, read, write, and delete named pipes in a user home subdirectory.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Create, read, write, and delete named sockets in a user home subdirectory.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Create, read, write, and delete symbolic links in a user home subdirectory.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Create on user home directories.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Create, read, write, and delete user temporary directories.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Create, read, write, and delete user temporary files.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Create, read, write, and delete user temporary named pipes.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Create, read, write, and delete user temporary named sockets.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Create, read, write, and delete user temporary symbolic links.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Manage user temporary files.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Create, read, write, and delete user tmpfs files.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Manage user temporary socket files.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Manage user temporary files.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Mmap user home files.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Mount user tmpfs files.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Mount on user tmpfs directories.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Mount user home directories.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Mount user temporary directories.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Read all home files.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Read user home subdirectory symbolic links.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Read the process state of all user domains.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Read auditadm home files.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Read auditadm home subdirectory symbolic links.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Read secadm home files.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Read secadm home subdirectory symbolic links.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Read sysadm home files.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Read sysadm home subdirectory symbolic links.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Read user home files.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Read user home subdirectory symbolic links.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Read user temporary files.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Read user temporary symbolic links.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Read user tmpfs files.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Relabel to user home directories.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Relabel files to unprivileged user pty types.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Allow a home directory for which the role has read-only access.
This does not allow execute access.
Parameter: | Description: |
---|---|
role | The user role |
userdomain | The user domain |
Read and write unconfined SysV shared memory segments.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Read and write unprivileged user SysV semaphores.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Read and write unprivileged user SysV shared memory segments.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Read and write user temporary files.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Read user tmpfs files.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Search all home directories.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Search auditadm home directories.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Search secadm home directories.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Search spec home directories.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Search sysadm home directories.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Search users home directories.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Search user home directories.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Create objects in the secadm home directory with an automatic type transition to a specified private type.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
private_type | The type of the object to create. |
object_class | The class of the object to be created. |
name | The name of the object being created. |
Create objects in an auditadm home directory with an automatic type transition to the audit home file type.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
object_class | The class of the object to be created. |
name | The name of the object being created. |
Create objects under the secadm home directory with an automatic type transition to a specified private type.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
private_type | The type of the object to create. |
object_class | The class of the object to be created. |
name | The name of the object being created. |
Set attributes of all user home content directories.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Set the attributes of a user pty.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Set the attributes of a user domain tty.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Send a SIGCHLD signal to all user domains.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Send general signals to all user domains.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Send general signals to unprivileged user domains.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Send signull to all user domains.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Send signull to unprivileged user domains.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Execute a shell in all user domains. This is an explicit transition, requiring the caller to use setexeccon().
Parameter: | Description: |
---|---|
domain | Domain allowed to transition. |
Execute a shell in all unprivileged user domains. This is an explicit transition, requiring the caller to use setexeccon().
Parameter: | Description: |
---|---|
domain | Domain allowed to transition. |
Create objects in the sysadm home directory with an automatic type transition to a specified private type.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
private_type | The type of the object to create. |
object_class | The class of the object to be created. |
name | The name of the object being created. |
Create objects in a sysadm home directory with an automatic type transition to the sysadm home file type.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
object_class | The class of the object to be created. |
name | The name of the object being created. |
Create objects under the sysadm home directory with an automatic type transition to a specified private type.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
private_type | The type of the object to create. |
object_class | The class of the object to be created. |
name | The name of the object being created. |
Create objects in the temporary directory with an automatic type transition to the user temporary type.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
object_class | The class of the object to be created. |
name | The name of the object being created. |
Inherit the file descriptors from all user domains.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Read and write inherited user TTYs and PTYs.
Allow the specified domain to read and write inherited user TTYs and PTYs. This will allow the domain to interact with the user via the terminal. Typically all interactive applications will require this access.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Inherit the file descriptors from unprivileged user domains.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Read and write a user domain pty.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Read and write user TTYs and PTYs.
Allow the specified domain to read and write user TTYs and PTYs. This will allow the domain to interact with the user via the terminal. Typically all interactive applications will require this access.
However, this also allows the applications to spy on user sessions or inject information into the user session. Thus, this access should likely not be allowed for non-interactive domains.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Read and write a user domain tty.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Make the specified type usable as a user application domain.
Parameter: | Description: |
---|---|
type | Type to be used as a user application domain. |
type | Type to be used as the domain entry point. |
Make the specified type usable as a user application domain type.
Parameter: | Description: |
---|---|
type | Type to be used as a user application domain. |
Make the specified type usable in a user home directory.
Parameter: | Description: |
---|---|
type | Type to be used as a file in the user home directory. |
Create objects in a user home directory with an automatic type transition to a specified private type.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
private_type | The type of the object to create. |
object_class | The class of the object to be created. |
name | The name of the object being created. |
Create objects in a user home directory with an automatic type transition to the user home file type.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
object_class | The class of the object to be created. |
name | The name of the object being created. |
Do a domain transition to the specified domain when executing a program in the user home directory.
No interprocess communication (signals, pipes, etc.) is provided by this interface since the domains are not owned by this module.
Parameter: | Description: |
---|---|
source_domain | Domain allowed to transition. |
target_domain | Domain to transition to. |
Create objects under a user home directory with an automatic type transition to a specified private type.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
private_type | The type of the object to create. |
object_class | The class of the object to be created. |
name | The name of the object being created. |
Make the specified type usable as a user temporary file.
Parameter: | Description: |
---|---|
type | Type to be used as a file in the temporary directories. |
Create objects in a user temporary directory with an automatic type transition to a specified private type.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
private_type | The type of the object to create. |
object_class | The class of the object to be created. |
name | The name of the object being created. |
Make the specified type usable as a user tmpfs file.
Parameter: | Description: |
---|---|
type | Type to be used as a file in tmpfs directories. |
Write all users files in /tmp.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Write to user temporary named sockets.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Write user_tmpfs_t socket files.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Execute an Xserver session in all unprivileged user domains. This is an explicit transition, requiring the caller to use setexeccon().
Parameter: | Description: |
---|---|
domain | Domain allowed to transition. |
Execute an Xserver session in all unprivileged user domains. This is an explicit transition, requiring the caller to use setexeccon().
Parameter: | Description: |
---|---|
domain | Domain allowed to transition. |
The template for creating an administrative user.
This template creates a user domain, types, and rules for the user's tty, pty, home directories, tmp, and tmpfs files.
The privileges given to administrative users are:
Raw disk access
Set all sysctls
All kernel ring buffer controls
Create, read, write, and delete all files but shadow
Manage source and binary format SELinux policy
Run insmod
Parameter: | Description: |
---|---|
userdomain_prefix | The prefix of the user domain (e.g., sysadm is the prefix for sysadm_t). |
The template for auditadm
The template for creating an unprivileged user roughly equivalent to a regular Linux user.
This template creates a user domain, types, and rules for the user's tty, pty, home directories, tmp, and tmpfs files.
Parameter: | Description: |
---|---|
userdomain_prefix | The prefix of the user domain (e.g., user is the prefix for user_t). |
The template containing the most basic rules common to all users.
This template creates a user domain, types, and rules for the user's tty and pty.
Parameter: | Description: |
---|---|
userdomain_prefix | The prefix of the user domain (e.g., user is the prefix for user_t). |
The template allowing the user basic network permissions.
Parameter: | Description: |
---|---|
userdomain_prefix | The prefix of the user domain (e.g., user is the prefix for user_t). |
The template for allowing the user to change passwords.
Parameter: | Description: |
---|---|
userdomain_prefix | The prefix of the user domain (e.g., user is the prefix for user_t). |
The template containing rules common to unprivileged users and administrative users.
This template creates a user domain, types, and rules for the user's tty, pty, tmp, and tmpfs files.
Parameter: | Description: |
---|---|
userdomain_prefix | The prefix of the user domain (e.g., user is the prefix for user_t). |
The template for creating a login user.
This template creates a user domain, types, and rules for the user's tty, pty, home directories, tmp, and tmpfs files.
Parameter: | Description: |
---|---|
userdomain_prefix | The prefix of the user domain (e.g., user is the prefix for user_t). |
The template for creating a login user.
This template creates a user domain, types, and rules for the user's tty, pty, home directories, tmp, and tmpfs files.
Parameter: | Description: |
---|---|
userdomain_prefix | The prefix of the user domain (e.g., user is the prefix for user_t). |
The template allowing a home directory for which the role has full access.
This does not allow execute access.
Parameter: | Description: |
---|---|
role | The user role |
userdomain | The user domain |
The template for creating an unprivileged login user.
This template creates a user domain, types, and rules for the user's tty, pty, home directories, tmp, and tmpfs files.
Parameter: | Description: |
---|---|
userdomain_prefix | The prefix of the user domain (e.g., user is the prefix for user_t). |
The template for creating an unprivileged login user.
This template creates a user domain, types, and rules for the user's tty, pty, home directories, tmp, and tmpfs files.
Parameter: | Description: |
---|---|
userdomain_prefix | The prefix of the user domain (e.g., user is the prefix for user_t). |
The template for creating an unprivileged xwindows login user.
This template creates a user domain, types, and rules for the user's tty, pty, home directories, tmp, and tmpfs files.
Parameter: | Description: |
---|---|
userdomain_prefix | The prefix of the user domain (e.g., user is the prefix for user_t). |
The template for xguest.
The template for creating an unprivileged xwindows login user.
This template creates a user domain, types, and rules for the user's tty, pty, home directories, tmp, and tmpfs files.
Parameter: | Description: |
---|---|
userdomain_prefix | The prefix of the user domain (e.g., user is the prefix for user_t). |
The template for secadm
The template for creating an unprivileged user roughly equivalent to a regular Linux user.
This template creates a user domain, types, and rules for the user's tty, pty, home directories, tmp, and tmpfs files.
Parameter: | Description: |
---|---|
userdomain_prefix | The prefix of the user domain (e.g., user is the prefix for user_t). |
Allow user to run as a secadm
Create objects in a user home directory with an automatic type transition to a specified private type.
This is a templated interface, and should only be called from a per-userdomain template.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
role | The role of the object to create. |
The template for sysadm
The template for creating an unprivileged user roughly equivalent to a regular Linux user.
This template creates a user domain, types, and rules for the user's tty, pty, home directories, tmp, and tmpfs files.
Parameter: | Description: |
---|---|
userdomain_prefix | The prefix of the user domain (e.g., user is the prefix for user_t). |
The template for creating an unprivileged user roughly equivalent to a regular Linux user.
This template creates a user domain, types, and rules for the user's tty, pty, home directories, tmp, and tmpfs files.
Parameter: | Description: |
---|---|
userdomain_prefix | The prefix of the user domain (e.g., user is the prefix for user_t). |
The template for creating a user xwindows client. (Deprecated)
Parameter: | Description: |
---|---|
userdomain_prefix | The prefix of the user domain (e.g., user is the prefix for user_t). |