SELinux policy for systemd components
Allow domain to create/manage systemd_journal_log_t files
Parameter: | Description: |
---|---|
domain |
Domain allowed access. |
Allow domain to manage var_run_t files
Parameter: | Description: |
---|---|
domain |
Domain allowed access. |
Allow the specified domain to access all service perms for all unit files
Parameter: | Description: |
---|---|
domain |
Domain allowed access. |
Allow the specified domain to access all service perms for all unit files except auditd
Parameter: | Description: |
---|---|
domain |
Domain allowed access. |
Send and receive messages from systemd logind over dbus.
Parameter: | Description: |
---|---|
domain |
Domain allowed access. |
Dontaudit domain to read all systemd unit files.
Parameter: | Description: |
---|---|
domain |
Domain to not audit. |
Execute systemctl in the caller domain.
Parameter: | Description: |
---|---|
domain |
Domain allowed access. |
Transition to systemd named content
Parameter: | Description: |
---|---|
domain |
Domain allowed access. |
Allow domain to getattr all systemd unit files.
Parameter: | Description: |
---|---|
domain |
Domain allowed access. |
Allow domain to list systemd unit dirs.
Parameter: | Description: |
---|---|
domain |
Domain allowed access. |
Allow the specified domain to connect to systemd_logger with a unix socket.
Parameter: | Description: |
---|---|
domain |
Domain allowed access. |
Tell systemd_login to halt the system.
Parameter: | Description: |
---|---|
domain |
Domain allowed access. |
Read systemd_login PID files.
Parameter: | Description: |
---|---|
domain |
Domain allowed access. |
Read systemd_login PID files.
Parameter: | Description: |
---|---|
domain |
Domain allowed access. |
Tell systemd_login to reboot the system.
Parameter: | Description: |
---|---|
domain |
Domain allowed access. |
Get the system status information from systemd_login
Parameter: | Description: |
---|---|
domain |
Domain allowed access. |
Tell systemd_login to do an unknown access.
Parameter: | Description: |
---|---|
domain |
Domain allowed access. |
Write systemd_login named pipe.
Parameter: | Description: |
---|---|
domain |
Domain allowed access. |
manage all systemd unit files
Parameter: | Description: |
---|---|
domain |
Domain allowed access. |
manage all systemd unit lnk_files
Parameter: | Description: |
---|---|
domain |
Domain allowed access. |
Allow to domain to create systemd-passwd symlink
Parameter: | Description: |
---|---|
domain |
Domain allowed access. |
Send generic signals to systemd_passwd_agent processes.
Parameter: | Description: |
---|---|
domain |
Domain allowed access. |
manage systemd unit dirs
Parameter: | Description: |
---|---|
domain |
Domain allowed access. |
Execute a domain transition to run systemd_notify.
Parameter: | Description: |
---|---|
domain |
Domain allowed access. |
Template for temporary sockets and files in /dev/.systemd/ask-password which are used by systemd-passwd-agent
Parameter: | Description: |
---|---|
userdomain_prefix |
The prefix of the domain (e.g., user is the prefix for user_t). |
Execute a domain transition to run systemd-tty-ask-password-agent.
Parameter: | Description: |
---|---|
domain |
Domain allowed access. |
Execute systemd-tty-ask-password-agent in the caller domain
Parameter: | Description: |
---|---|
domain |
Domain allowed access. |
Role access for systemd_passwd_agent
Parameter: | Description: |
---|---|
role |
Role allowed access |
domain |
User domain for the role |
Execute systemd-tty-ask-password-agent in the systemd_passwd_agent domain, and allow the specified role the systemd_passwd_agent domain.
Parameter: | Description: |
---|---|
domain |
Domain allowed access |
role |
The role to be allowed the systemd_passwd_agent domain. |
Allow to domain to read systemd-passwd pipe
Parameter: | Description: |
---|---|
domain |
Domain allowed access. |
Read logind sessions files.
Parameter: | Description: |
---|---|
domain |
Domain allowed access. |
Allow domain to read all systemd unit files.
Parameter: | Description: |
---|---|
domain |
Domain allowed access. |
Allow domain to read xdm_tmpfs files
Parameter: | Description: |
---|---|
domain |
Domain allowed access. |
Allow to search services dir.
Parameter: | Description: |
---|---|
domain |
Domain allowed access. |
Allow domain to search systemd unit dirs.
Parameter: | Description: |
---|---|
domain |
Domain allowed access. |
Send generic signals to systemd_passwd_agent processes.
Parameter: | Description: |
---|---|
domain |
Domain allowed access. |
Allow domain to start system service.
Parameter: | Description: |
---|---|
domain |
Domain allowed access. |
Allow domain to status system service.
Parameter: | Description: |
---|---|
domain |
Domain allowed access. |
Allow domain to status system service.
Parameter: | Description: |
---|---|
domain |
Domain allowed access. |
Create a domain for processes which are started exuting systemctl.
Parameter: | Description: |
---|---|
domain_prefix |
Domain allowed access. |
Execute a domain transition to run systemd-tmpfiles.
Parameter: | Description: |
---|---|
domain |
Domain allowed access. |
Allow systemd_tmpfiles_t to manage filesystem objects
Parameter: | Description: |
---|---|
type |
type of object to manage |
class |
object class to manage |
Create a file type used for systemd unit files.
Parameter: | Description: |
---|---|
script_file |
Type to be used for an unit file. |
Use and and inherited systemd logind file descriptors.
Parameter: | Description: |
---|---|
domain |
Domain allowed access. |
Write inherited logind sessions pipes.
Parameter: | Description: |
---|---|
domain |
Domain allowed access. |