Layer: roles

Module: sysadm

Tunables Interfaces

Description:

General system administration role


Tunables:

allow_ptrace
Default value

false

Description

Allow sysadm to debug or ptrace all processes.

Return

Interfaces:

sysadm_bin_spec_domtrans( domain )
Summary

Execute a generic bin program in the sysadm domain.

Parameters
Parameter:Description:
domain

Domain allowed access.

sysadm_bin_spec_domtrans_to( domain )
Summary

Allow sysadm to execute a generic bin program in a specified domain. This is an explicit transition, requiring the caller to use setexeccon().

Description

Allow sysadm to execute a generic bin program in a specified domain.

This is a interface to support third party modules and its use is not allowed in upstream reference policy.

Parameters
Parameter:Description:
domain

Domain to execute in.

sysadm_create_keys( domain )
Summary

Create keys for the sysadm domain.

Parameters
Parameter:Description:
domain

Domain allowed access.

sysadm_create_socket( domain )
Summary

create sysadm socket.

Parameters
Parameter:Description:
domain

Domain allowed access.

sysadm_dbus_chat( domain )
Summary

Send and receive messages from sysadm over dbus.

Parameters
Parameter:Description:
domain

Domain allowed access.

sysadm_dbus_chat_dbusd( domain )
Summary

Send and receive messages from sysadm dbusd over dbus.

Parameters
Parameter:Description:
domain

Domain allowed access.

sysadm_entry_spec_domtrans( domain )
Summary

Execute all entrypoint files in the sysadm domain. This is an explicit transition, requiring the caller to use setexeccon().

Parameters
Parameter:Description:
domain

Domain allowed access.

sysadm_entry_spec_domtrans_to( domain )
Summary

Allow sysadm to execute all entrypoint files in a specified domain. This is an explicit transition, requiring the caller to use setexeccon().

Description

Allow sysadm to execute all entrypoint files in a specified domain. This is an explicit transition, requiring the caller to use setexeccon().

This is a interface to support third party modules and its use is not allowed in upstream reference policy.

Parameters
Parameter:Description:
domain

Domain allowed access.

sysadm_home_list( domain )
Summary

list sysadm home.

Parameters
Parameter:Description:
domain

Domain allowed access.

sysadm_home_manage( domain )
Summary

manage sysadm home .

Parameters
Parameter:Description:
domain

Domain allowed access.

sysadm_home_rw( domain )
Summary

read and write sysadm home .

Parameters
Parameter:Description:
domain

Domain allowed access.

sysadm_home_search( domain )
Summary

search sysadm home.

Parameters
Parameter:Description:
domain

Domain allowed access.

sysadm_passwd_change( role )
Summary

allow passwd change.

Parameters
Parameter:Description:
role

Role allowed access.

sysadm_role_change( role )
Summary

Change to the system administrator role.

Parameters
Parameter:Description:
role

Role allowed access.

sysadm_role_change_to( role )
Summary

Change from the system administrator role.

Description

Change from the system administrator role to the specified role.

This is an interface to support third party modules and its use is not allowed in upstream reference policy.

Parameters
Parameter:Description:
role

Role allowed access.

sysadm_rw_pipes( domain )
Summary

Read and write sysadm user unnamed pipes.

Parameters
Parameter:Description:
domain

Domain allowed access.

sysadm_shell_domtrans( domain )
Summary

Execute a shell in the sysadm domain.

Parameters
Parameter:Description:
domain

Domain allowed access.

sysadm_sigchld( domain )
Summary

Send a SIGCHLD signal to sysadm users.

Parameters
Parameter:Description:
domain

Domain allowed access.

sysadm_socket_connectto( domain )
Summary

Allow to connectto sysadm unix_stream_socket.

Parameters
Parameter:Description:
domain

Domain allowed access.

sysadm_unix_socket( domain )
Summary

read/write/create/bind sysadm_t unix_stream_socket

Parameters
Parameter:Description:
domain

Domain allowed to access.

sysadm_use_fds( domain )
Summary

Inherit and use sysadm file descriptors

Parameters
Parameter:Description:
domain

Domain allowed access.

sysadmdom_manage_home_role( type )
Summary

Modified admin home directory type.

Parameters
Parameter:Description:
type

Role allowed access.

Return