Create a aliased type to generic bin files. (Deprecated)
This is added to support targeted policy. Its use should be limited. It has no effect on the strict policy.
Allow the specified domain to execute generic programs in system bin directories (/bin, /sbin, /usr/bin, /usr/sbin) a without domain transition.
Typically, this interface should be used when the domain executes general system progams within the privileges of the source domain. Some examples of these programs are ls, cp, sed, python, and tar. This does not include shells, such as bash.
Related interface:
Execute a file in a bin directory in the specified domain. This allows the specified domain to execute any file on these filesystems in the specified domain. This is not suggested.
No interprocess communication (signals, pipes, etc.) is provided by this interface since the domains are not owned by this module.
This interface was added to handle the userhelper policy.
Execute a file in a bin directory in the specified domain. This allows the specified domain to execute any file on these filesystems in the specified domain. This is not suggested.
No interprocess communication (signals, pipes, etc.) is provided by this interface since the domains are not owned by this module.
This interface was added to handle the ssh-agent policy.
Execute a file in a sbin directory in the specified domain. This allows the specified domain to execute any file on these filesystems in the specified domain. This is not suggested. (Deprecated)
No interprocess communication (signals, pipes, etc.) is provided by this interface since the domains are not owned by this module.
This interface was added to handle the ssh-agent policy.
Execute a file in a sbin directory in the specified domain. This allows the specified domain to execute any file on these filesystems in the specified domain. This is not suggested. (Deprecated)
No interprocess communication (signals, pipes, etc.) is provided by this interface since the domains are not owned by this module.
This interface was added to handle the userhelper policy.
Allow the specified domain to execute shells without a domain transition.
Typically, this interface should be used when the domain executes shells within the privileges of the source domain. Some examples of these programs are bash, tcsh, and zsh.
Related interface:
Execute a shell in the target domain. This is an explicit transition, requiring the caller to use setexeccon().
No interprocess communication (signals, pipes, etc.) is provided by this interface since the domains are not owned by this module.
Execute a shell in the specified domain.
No interprocess communication (signals, pipes, etc.) is provided by this interface since the domains are not owned by this module.
Define type to be a network packet type
This is for supporting third party modules and its use is not allowed in upstream reference policy.
Define type to be a network port type
This is for supporting third party modules and its use is not allowed in upstream reference policy.
Define network type to be a reserved port (lt 1024)
This is for supporting third party modules and its use is not allowed in upstream reference policy.
Define network type to be a rpc port ( 512 lt PORT lt 1024)
This is for supporting third party modules and its use is not allowed in upstream reference policy.
Define type to be a network client packet type
This is for supporting third party modules and its use is not allowed in upstream reference policy.
Define type to be a network server packet type
This is for supporting third party modules and its use is not allowed in upstream reference policy.
Allow the specified domain to send and receive TCP network traffic on generic network interfaces.
Related interface:
Example client being able to connect to all ports over generic nodes, without labeled networking:
allow myclient_t self:tcp_socket create_stream_socket_perms; corenet_tcp_sendrecv_generic_if(myclient_t) corenet_tcp_sendrecv_generic_node(myclient_t) corenet_tcp_sendrecv_all_ports(myclient_t) corenet_tcp_connect_all_ports(myclient_t) corenet_all_recvfrom_unlabeled(myclient_t)
Allow the specified domain to send and receive UDP network traffic on generic network interfaces.
Related interface:
Example client being able to send to all ports over generic nodes, without labeled networking:
allow myclient_t self:udp_socket create_socket_perms; corenet_udp_sendrecv_generic_if(myclient_t) corenet_udp_sendrecv_generic_node(myclient_t) corenet_udp_sendrecv_all_ports(myclient_t) corenet_all_recvfrom_unlabeled(myclient_t)
Allow the specified domain to send and receive TCP network traffic to/from generic network nodes (hostnames/networks).
Related interface:
Example client being able to connect to all ports over generic nodes, without labeled networking:
allow myclient_t self:tcp_socket create_stream_socket_perms; corenet_tcp_sendrecv_generic_if(myclient_t) corenet_tcp_sendrecv_generic_node(myclient_t) corenet_tcp_sendrecv_all_ports(myclient_t) corenet_tcp_connect_all_ports(myclient_t) corenet_all_recvfrom_unlabeled(myclient_t)
Allow the specified domain to send and receive UDP network traffic to/from generic network nodes (hostnames/networks).
Related interface:
Example client being able to send to all ports over generic nodes, without labeled networking:
allow myclient_t self:udp_socket create_socket_perms; corenet_udp_sendrecv_generic_if(myclient_t) corenet_udp_sendrecv_generic_node(myclient_t) corenet_udp_sendrecv_all_ports(myclient_t) corenet_all_recvfrom_unlabeled(myclient_t)
Bind TCP sockets to generic nodes. This is necessary for binding a socket so it can be used for servers to listen for incoming connections.
Related interface:
Bind UDP sockets to generic nodes. This is necessary for binding a socket so it can be used for servers to listen for incoming connections.
Related interface:
Send and receive TCP network traffic on all ports. Related interfaces:
Example client being able to connect to all ports over generic nodes, without labeled networking:
allow myclient_t self:tcp_socket create_stream_socket_perms; corenet_tcp_sendrecv_generic_if(myclient_t) corenet_tcp_sendrecv_generic_node(myclient_t) corenet_tcp_sendrecv_all_ports(myclient_t) corenet_tcp_connect_all_ports(myclient_t) corenet_all_recvfrom_unlabeled(myclient_t)
Send and receive UDP network traffic on all ports. Related interfaces:
Example client being able to send to all ports over generic nodes, without labeled networking:
allow myclient_t self:udp_socket create_socket_perms; corenet_udp_sendrecv_generic_if(myclient_t) corenet_udp_sendrecv_generic_node(myclient_t) corenet_udp_sendrecv_all_ports(myclient_t) corenet_all_recvfrom_unlabeled(myclient_t)
Connect TCP sockets to all ports
Related interfaces:
Example client being able to connect to all ports over generic nodes, without labeled networking:
allow myclient_t self:tcp_socket create_stream_socket_perms; corenet_tcp_sendrecv_generic_if(myclient_t) corenet_tcp_sendrecv_generic_node(myclient_t) corenet_tcp_sendrecv_all_ports(myclient_t) corenet_tcp_connect_all_ports(myclient_t) corenet_all_recvfrom_unlabeled(myclient_t)
Send and receive messages on a non-encrypted (no IPSEC) network session. (Deprecated)
The corenet_all_recvfrom_unlabeled() interface should be used instead of this one.
Do not audit attempts to send and receive messages on a non-encrypted (no IPSEC) network session.
The corenet_dontaudit_all_recvfrom_unlabeled() interface should be used instead of this one.
Allow the specified domain to receive packets from an unlabeled connection. On machines that do not utilize labeled networking, this will be required on all networking domains. On machines tha do utilize labeled networking, this will be required for any networking domain that is allowed to receive network traffic that does not have a label.
Allow the specified domain to receive NetLabel network traffic, which utilizes the Commercial IP Security Option (CIPSO) to set the MLS level of the network packets. This is required for all networking domains that receive NetLabel network traffic.
Allow unlabeled_packet_t to be used by all domains that use the network
Rules for receiving labeled TCP packets.
Due to the nature of TCP, this is bidirectional.
Rules for receiving labeled packets via TCP, UDP and raw IP.
Due to the nature of TCP, the rules (for TCP networking only) are bidirectional.
Send and receive unlabeled packets. These packets do not match any netfilter SECMARK rules.
This module creates the device node concept and provides the policy for many of the device files. Notable exceptions are the mass storage and terminal devices that are covered by other modules.
This module creates the concept of a device node. That is a char or block device file, usually in /dev. All types that are used to label device nodes should use the dev_node macro.
Additionally, this module controls access to three things:
Make the specified type usable for device nodes in a filesystem. Types used for device nodes that do not use this interface, or an interface that calls this one, will have unexpected behaviors while the system is running.
Example:
type mydev_t; dev_node(mydev_t) allow mydomain_t mydev_t:chr_file read_chr_file_perms;
Related interfaces:
Read the memory type range registers (MTRR). This interface has been deprecated, dev_rw_mtrr() should be used instead.
The MTRR device ioctls can be used for reading and writing; thus, read access to the device cannot be separated from write access.
Write the memory type range registers (MTRR). This interface has been deprecated, dev_rw_mtrr() should be used instead.
The MTRR device ioctls can be used for reading and writing; thus, write access to the device cannot be separated from read access.
Allow the specified domain to read from random number generator devices (e.g., /dev/random). Typically this is used in situations when a cryptographically secure random number is needed.
Related interface:
Allow the specified domain to read the contents of the sysfs filesystem. This filesystem contains information, parameters, and other settings on the hardware installed on the system.
Allow the specified domain to read from pseudo random number generator devices (e.g., /dev/urandom). Typically this is used in situations when a cryptographically secure random number is not necessarily needed. One example is the Stack Smashing Protector (SSP, formerly known as ProPolice) support that may be compiled into programs.
Related interface:
Related tunable:
Make the specified type usable as a basic domain.
This is primarily used for kernel threads; generally the domain_type() interface is more appropriate for userland processes.
Make the specified type usable as a domain. This, or an interface that calls this interface, must be used on all types that are used as domains.
Related interfaces:
Example:
type mydomain_t; domain_type(mydomain_t) type myfile_t; files_type(myfile_t) allow mydomain_t myfile_t:file read_file_perms;
Allow the specified domain to perform dynamic transitions.
This violates process tranquility, and it is strongly suggested that this not be used.
Make the specified domain the target of the user domain exception of the SELinux role and identity change constraints.
This interface is needed to decouple the user domains from the base module. It should not be used other than on user domains.
Make the specified domain the source of the cron domain exception of the SELinux role and identity change constraints.
This interface is needed to decouple the cron domains from the base module. It should not be used other than on cron domains.
Make the specified domain the target of the cron domain exception of the SELinux role and identity change constraints.
This interface is needed to decouple the cron domains from the base module. It should not be used other than on user cron jobs.
Allow the specified domain to inherit and use file descriptors from domains with interactive programs. This does not allow access to the objects being referenced by the file descriptors.
Do not audit attempts to ptrace all domains.
Generally this needs to be suppressed because procps tries to access /proc/pid/environ and this now triggers a ptrace check in recent kernels (2.4 and 2.6).
Do not audit attempts to ptrace confined domains.
Generally this needs to be suppressed because procps tries to access /proc/pid/environ and this now triggers a ptrace check in recent kernels (2.4 and 2.6).
Get the attributes of all domains sockets, for all socket types.
This is commonly used for domains that can use lsof on all domains.
Do not audit attempts to get the attributes of all domains sockets, for all socket types.
This interface was added for PCMCIA cardmgr and is probably excessive.
Get the attributes of all domains unnamed pipes.
This is commonly used for domains that can use lsof on all domains.
Allow all domains to use other domains file descriptors
Allow all domains to have the kernel load modules
Allow all domains to execute in fips_mode
This module contains basic filesystem types and interfaces. This includes:
Make the specified type usable for files in a filesystem. Types used for files that do not use this interface, or an interface that calls this one, will have unexpected behaviors while the system is running. If the type is used for device nodes (character or block files), then the dev_node() interface is more appropriate.
Related interfaces:
Example:
type myfile_t; files_type(myfile_t) allow mydomain_t myfile_t:file read_file_perms;
Make the specified type usable for runtime process ID files, typically found in /var/run. This will also make the type usable for files, making calls to files_type() redundant. Failure to use this interface for a PID file type may result in problems with starting or stopping services.
Related interfaces:
Example usage with a domain that can create and write its PID file with a private PID file type in the /var/run directory:
type mypidfile_t; files_pid_file(mypidfile_t) allow mydomain_t mypidfile_t:file { create_file_perms write_file_perms }; files_pid_filetrans(mydomain_t, mypidfile_t, file)
Make the specified type usable for configuration files. This will also make the type usable for files, making calls to files_type() redundant. Failure to use this interface for a temporary file may result in problems with configuration management tools.
Example usage with a domain that can read its configuration file /etc:
type myconffile_t; files_config_file(myconffile_t) allow mydomain_t myconffile_t:file read_file_perms; files_search_etc(mydomain_t)
Identify file type as base file type. Tools will use this attribute, to help users diagnose problems.
Make the specified type readable for all domains.
Make the specified type usable for temporary files. This will also make the type usable for files, making calls to files_type() redundant. Failure to use this interface for a temporary file may result in problems with purging temporary files.
Related interfaces:
Example usage with a domain that can create and write its temporary file in the system temporary file directories (/tmp or /var/tmp):
type mytmpfile_t; files_tmp_file(mytmpfile_t) allow mydomain_t mytmpfile_t:file { create_file_perms write_file_perms }; files_tmp_filetrans(mydomain_t, mytmpfile_t, file)
Allow shared library text relocations in all files.
This is added to support WINE policy.
Allow the specified domain to read generic files in /etc. These files are typically general system configuration files that do not have more specific SELinux types. Some examples of these files are:
This interface does not include access to /etc/shadow.
Generally, it is safe for many domains to have this access. However, since this interface provides access to the /etc/passwd file, caution must be exercised, as user account names can be leaked through this access.
Related interfaces:
Create a boot flag, such as /.autorelabel and /.autofsck.
Allow the specified domain to read dynamically created configuration files in /etc. These files are typically general system configuration files that do not have more specific SELinux types. Some examples of these files are:
This interface does not include access to /etc/shadow.
Allow shared library text relocations in tmp files.
This is added to support java policy.
Allow the specified domain to read generic files in /usr. These files are various program files that do not have more specific SELinux types. Some examples of these files are:
Generally, it is safe for many domains to have this access.
Search the /var/lib directory. This is necessary to access files or directories under /var/lib that have a private type. For example, a domain accessing a private library file in the /var/lib directory:
allow mydomain_t mylibfile_t:file read_file_perms; files_search_var_lib(mydomain_t)
Create an object in the process ID directory (e.g., /var/run) with a private type. Typically this is used for creating private PID files in /var/run with the private type instead of the general PID file type. To accomplish this goal, either the program must be SELinux-aware, or use this interface.
Related interfaces:
Example usage with a domain that can create and write its PID file with a private PID file type in the /var/run directory:
type mypidfile_t; files_pid_file(mypidfile_t) allow mydomain_t mypidfile_t:file { create_file_perms write_file_perms }; files_pid_filetrans(mydomain_t, mypidfile_t, file)
Create a core file in /,
Create a default_t direcrory
Allow the specified domain to get the attributes of a persistent filesystems which have extended attributes, such as ext3, JFS, or XFS. Example attributes:
Register an interpreter for new binary file types, using the kernel binfmt_misc support.
A common use for this is to register a JVM as an interpreter for Java byte code. Registered binaries can be directly executed on a command line without specifying the interpreter.
Execute a file on a CIFS or SMB filesystem in the specified domain. This allows the specified domain to execute any file on these filesystems in the specified domain. This is not suggested.
No interprocess communication (signals, pipes, etc.) is provided by this interface since the domains are not owned by this module.
This interface was added to handle home directories on CIFS/SMB filesystems, in particular used by the ssh-agent policy.
Read eventpollfs files
This interface has been deprecated, and will be removed in the future.
Execute a file on a FUSE filesystem in the specified domain. This allows the specified domain to execute any file on these filesystems in the specified domain. This is not suggested.
No interprocess communication (signals, pipes, etc.) is provided by this interface since the domains are not owned by this module.
This interface was added to handle home directories on FUSE filesystems, in particular used by the ssh-agent policy.
Execute a file on a NFS filesystem in the specified domain. This allows the specified domain to execute any file on a NFS filesystem in the specified domain. This is not suggested.
No interprocess communication (signals, pipes, etc.) is provided by this interface since the domains are not owned by this module.
This interface was added to handle home directories on NFS filesystems, in particular used by the ssh-agent policy.
Allow the specified domain to et the attributes of all filesystems. Example attributes:
Allow the specified domain to request that the kernel load a kernel module. An example of this is the auto-loading of network drivers when doing an ioctl() on a network interface.
In the specific case of a module loading request on a network interface, the domain will also need the net_admin capability.
Allow the specified domain to request that the kernel load a kernel module. An example of this is the auto-loading of network drivers when doing an ioctl() on a network interface.
In the specific case of a module loading request on a network interface, the domain will also need the net_admin capability.
Allow the specified domain to read (follow) generic symbolic links (symlinks) in the proc filesystem (/proc). This interface does not include access to the targets of these links. An example symlink is /proc/self.
Allow the specified domain to read general system state information from the proc filesystem (/proc).
Generally it should be safe to allow this access. Some example files that can be read based on this interface:
This does not allow access to sysctl entries (/proc/sys/*) nor process state information (/proc/pid).
Allow the specified domain to read the networking state information. This includes several pieces of networking information, such as network interface names, netfilter (iptables) statistics, protocol information, routes, and remote procedure call (RPC) information.
Allow the specified domain to read general kernel sysctl settings. These settings are typically read using the sysctl program. The settings that are included by this interface are prefixed with "kernel.", for example, kernel.sysrq.
This does not include access to the hotplug handler setting (kernel.hotplug) nor the module installer handler setting (kernel.modprobe).
Related interfaces:
Send and receive messages from an unlabeled IPSEC association. Network connections that are not protected by IPSEC have use an unlabeled assocation.
The corenetwork interface corenet_non_ipsec_sendrecv() should be used instead of this one.
Do not audit attempts to send and receive messages from an unlabeled IPSEC association. Network connections that are not protected by IPSEC have use an unlabeled assocation.
The corenetwork interface corenet_dontaudit_non_ipsec_sendrecv() should be used instead of this one.
Receive TCP packets from an unlabeled connection.
The corenetwork interface corenet_tcp_recv_unlabeled() should be used instead of this one.
Do not audit attempts to receive TCP packets from an unlabeled connection.
The corenetwork interface corenet_dontaudit_tcp_recv_unlabeled() should be used instead of this one.
Receive UDP packets from an unlabeled connection.
The corenetwork interface corenet_udp_recv_unlabeled() should be used instead of this one.
Do not audit attempts to receive UDP packets from an unlabeled connection.
The corenetwork interface corenet_dontaudit_udp_recv_unlabeled() should be used instead of this one.
Receive Raw IP packets from an unlabeled connection.
The corenetwork interface corenet_raw_recv_unlabeled() should be used instead of this one.
Do not audit attempts to receive Raw IP packets from an unlabeled connection.
The corenetwork interface corenet_dontaudit_raw_recv_unlabeled() should be used instead of this one.
Receive Raw IP packets from an unlabeled connection.
The corenetwork interface corenet_raw_recv_unlabeled() should be used instead of this one.
Send and receive unlabeled packets. These packets do not match any netfilter SECMARK rules.
The corenetwork interface corenet_sendrecv_unlabeled_packets() should be used instead of this one.
Receive packets from an unlabeled peer, these packets do not have any peer labeling information present.
The corenetwork interface corenet_recvfrom_unlabeled_peer() should be used instead of this one.
Do not audit attempts to receive packets from an unlabeled peer, these packets do not have any peer labeling information present.
The corenetwork interface corenet_dontaudit_*_recvfrom_unlabeled() should be used instead of this one.
Make specified process type MCS untrusted. This prevents this process from sending signals to other processes with different mcs labels object.
This module contains interfaces for handling multilevel security. The interfaces allow the specified subjects and objects to be allowed certain privileges in the MLS rules.
Make specified domain MLS trusted for reading from files at all levels.
This interface has been deprecated, please use mls_file_read_all_levels() instead.
Make specified domain MLS trusted for writing to files at all levels.
This interface has been deprecated, please use mls_file_write_all_levels() instead.
Make specified domain MLS trusted for reading from processes at all levels.
This interface has been deprecated, please use mls_process_read_all_levels() instead.
Make specified domain MLS trusted for writing to processes at all levels.
This interface has been deprecated, please use mls_process_write_all_levels() instead.
Make specified object MLS trusted. This allows all levels to read and write the object.
This currently only applies to filesystem objects, for example, files and directories.
Make the specified type used for labeling SELinux Booleans.
This makes use of genfscon statements, which are only available in the base module. Thus any module which calls this interface must be included in the base module.
Allow caller to set the mode of policy enforcement (enforcing or permissive mode).
Since this is a security event, this action is always audited.
Allow caller to set the state of Booleans to enable or disable conditional portions of the policy.
Since this is a security event, this action is always audited.
This interface has been deprecated. Please use selinux_set_generic_booleans() or selinux_set_all_booleans() instead.
Allow caller to set the state of generic Booleans to enable or disable conditional portions of the policy.
Since this is a security event, this action is always audited.
Allow caller to set the state of all Booleans to enable or disable conditional portions of the policy.
Since this is a security event, this action is always audited.
Allow caller to set SELinux access vector cache parameters. The allows the domain to set performance related parameters of the AVC, such as cache threshold.
Since this is a security event, this action is always audited.
Calculate the context for relabeling objects. This is determined by using the type_change rules in the policy, and is generally used for determining the context for relabeling a terminal when a user logs in.
Constrain the specified type by user-based access control (UBAC). Typically, these are user processes or user files that need to be differentiated by SELinux user. Normally this does not include administrative or privileged programs. For the UBAC rules to be enforced, both the subject (source) type and the object (target) types must be UBAC constrained.