Create a domain for applications. Typically these are programs that are run interactively.
The types will be made usable as a domain and file, making calls to domain_type() and files_type() redundant.
Pass shadow assertion for reading. This should only be used with auth_tunable_read_shadow(), and only exists because typeattribute does not work in conditionals.
Pass shadow assertion for reading. This should only be used with auth_tunable_read_shadow(), and only exists because typeattribute does not work in conditionals.
Read the shadow password file. This should only be used in a conditional; it does not pass the reading shadow assertion.
Allow the specified domain to look up user, password, group, or host information using the name service. The most common use of this interface is for services that do host name resolution (usually DNS resolution).
Unconfined access to the authlogin module.
Currently, this only allows assertions for the shadow passwords file (/etc/shadow) to be passed. No access is granted yet.
Allow users to login using a radius server
Allow users login programs to access /etc/shadow.
Allow users to login using a yubikey OTP server or challenge response mode
Policy for DJB's daemontools
Create a file type used for init scripts. It can not be used in conjunction with init_script_domain(). These script files are typically stored in the /etc/init.d directory.
Typically this is used to constrain what services an admin can start/stop. For example, a policy writer may want to constrain a web administrator to only being able to restart the web server, not other services. This special type will help address that goal.
This also makes the type usable for files; thus an explicit call to files_type() is redundant.
Create a domain used for init scripts. Can not be used in conjunction with init_script_file().
Create a domain for long running processes (daemons/services) which are started by init scripts. Short running processes should use the init_system_domain() interface instead. Typically all long running processes started by an init script (usually in /etc/init.d) will need to use this interface.
The types will be made usable as a domain and file, making calls to domain_type() and files_type() redundant.
If the process must also run in a specific MLS/MCS level, the init_ranged_daemon_domain() should be used instead.
Create a domain for long running processes (daemons/services) which are started by init scripts, running at a specified MLS/MCS range. Short running processes should use the init_ranged_system_domain() interface instead. Typically all long running processes started by an init script (usually in /etc/init.d) will need to use this interface if they need to run in a specific MLS/MCS range.
The types will be made usable as a domain and file, making calls to domain_type() and files_type() redundant.
If the policy build option TYPE is standard (MLS and MCS disabled), this interface has the same behavior as init_daemon_domain().
Create a domain for long running processes (daemons/services) which are started by init scripts. These are generally applications that are used to initialize the system during boot. Long running processes should use the init_daemon_domain() interface instead. Typically all short running processes started by an init script (usually in /etc/init.d) will need to use this interface.
The types will be made usable as a domain and file, making calls to domain_type() and files_type() redundant.
If the process must also run in a specific MLS/MCS level, the init_ranged_system_domain() should be used instead.
Create a domain for long running processes (daemons/services) which are started by init scripts. These are generally applications that are used to initialize the system during boot. Long running processes should use the init_ranged_system_domain() interface instead. Typically all short running processes started by an init script (usually in /etc/init.d) will need to use this interface if they need to run in a specific MLS/MCS range.
The types will be made usable as a domain and file, making calls to domain_type() and files_type() redundant.
If the policy build option TYPE is standard (MLS and MCS disabled), this interface has the same behavior as init_system_domain().
Allow the specified domain to inherit file descriptors from the init program (process ID 1). Typically the only file descriptors to be inherited from init are for the console. This does not allow the domain any access to the object to which the file descriptors references.
Related interfaces:
Example usage:
init_use_fds(mydomain_t) term_use_console(mydomain_t)
Normally, processes that can inherit these file descriptors (usually services) write messages to the system log instead of writing to the console. Therefore, in many cases, this access should dontaudited instead.
Example dontaudit usage:
init_dontaudit_use_fds(mydomain_t) term_dontaudit_use_console(mydomain_t)
Execute a init script in a specified domain.
No interprocess communication (signals, pipes, etc.) is provided by this interface since the domains are not owned by this module.
Start and stop daemon programs directly in the traditional "/etc/init.d/daemon start" style, and do not require run_init.
Read and write the init script pty. This pty is generally opened by the open_init_pty portion of the run_init program so that the daemon does not require direct access to the administrator terminal.
Execute a init script in a specified role
No interprocess communication (signals, pipes, etc.) is provided by this interface since the domains are not owned by this module.
Enable support for upstart as the init program.
Allow all daemons to use tcp wrappers.
Allow all daemons the ability to read/write terminals
Allow all daemons to write corefiles to /
Enable cluster mode for daemons.
Allow racoon to read shadow
Do not audit attempts to write to library directories. Typically this is used to quiet attempts to recompile python byte code.
Create an object in lib directories, with the shared libraries type using a type transition. (Deprecated)
lib_filetrans_shared_lib() should be used instead.
Make the specified type usable for log files in a filesystem. This will also make the type usable for files, making calls to files_type() redundant. Failure to use this interface for a log file type may result in problems with log rotation, log analysis, and log monitoring programs.
Related interfaces:
Example usage with a domain that can create and append to a private log file stored in the general directories (e.g., /var/log):
type mylogfile_t; logging_log_file(mylogfile_t) allow mydomain_t mylogfile_t:file { create_file_perms append_file_perms }; logging_log_filetrans(mydomain_t, mylogfile_t, file)
Allow the specified domain to create an object in the general system log directories (e.g., /var/log) with a private type. Typically this is used for creating private log files in /var/log with the private type instead of the general system log type. To accomplish this goal, either the program must be SELinux-aware, or use this interface.
Related interfaces:
Example usage with a domain that can create and append to a private log file stored in the general directories (e.g., /var/log):
type mylogfile_t; logging_log_file(mylogfile_t) allow mydomain_t mylogfile_t:file { create_file_perms append_file_perms }; logging_log_filetrans(mydomain_t, mylogfile_t, file)
Allow the specified domain to connect to the system log service (syslog), to send messages be added to the system logs. Typically this is used by services that do not have their own log file in /var/log.
This does not allow messages to be sent to the auditing system.
Programs which use the libc function syslog() will require this access.
Related interfaces:
Allow syslogd daemon to send mail
Allow syslogd daemon to read user tmp content
Allow syslogd the ability to read/write terminals
Allow syslogd the ability to call nagios plugins. It is turned on by omprog rsyslog plugin.
Make the specified type usable for cert files. This will also make the type usable for files, making calls to files_type() redundant. Failure to use this interface for a temporary file may result in problems with cert management tools.
Related interfaces:
Example:
type mycertfile_t; cert_type(mycertfile_t) allow mydomain_t mycertfile_t:file read_file_perms; files_search_etc(mydomain_t)
Allow the specified domain to read the localization files. This is typically for time zone configuration files, such as /etc/localtime and files in /usr/share/zoneinfo. Typically, any domain which needs to know the GMT/UTC offset of the current timezone will need access to these files. Generally, it should be safe for any domain to read these files.
Allow the mount domain to send nfs requests for mounting network drives
This interface has been deprecated as these rules were a side effect of leaked mount file descriptors. This interface has no effect.
Allow the mount command to mount any directory or file.
Create, read, write, and delete the mdadm pid files.
Added for use in the init module.
Allow the specified domain to send a SIGCHLD signal to newrole. This signal is automatically sent from a process that is terminating to its parent. This may be needed by domains that are executed from newrole.
Execute init scripts in the run_init domain. This is used for the Gentoo integrated run_init.
Execute init scripts in the run_init domain, and allow the specified role the run_init domain, and use the caller's terminal.
This is used for the Gentoo integrated run_init.
Create, read, write, and delete the general selinux configuration files.
This interface has been deprecated, please use the seutil_manage_config() interface instead.
SELinux-enabled programs are typically linked to the libselinux library. This interface will allow access required for the libselinux constructor to function.
SELinux-enabled programs are typically linked to the libselinux library. This interface will dontaudit access required for the libselinux constructor to function.
Generally this should not be used on anything but simple SELinux-enabled programs that do not rely on data initialized by the libselinux constructor.
Allow the specified domain to read the general network configuration files. A common example of this is the /etc/resolv.conf file, which has domain name system (DNS) server IP addresses. Typically, most networking processes will require the access provided by this interface.
Higher-level interfaces which involve networking will generally call this interface, for example:
Create DHCP state data.
This is added for DHCP server, as the server and client put their state files in the same directory.
Execute dhclient script in a specified role
No interprocess communication (signals, pipes, etc.) is provided by this interface since the domains are not owned by this module.
Allow dhcpc client applications to execute iptables commands
Allow the specified domain to read the udev device table.
Make the specified domain unconfined and audit executable heap usage. With exception of memory protections, usage of this interface will result in the level of access the domain has is like SELinux was not being used.
Only completely trusted domains should use this interface.
Add an alias type to the unconfined domain. (Deprecated)
This is added to support targeted policy. Its use should be limited. It has no effect on the strict policy.
Add an alias type to the unconfined execmem program file type. (Deprecated)
This is added to support targeted policy. Its use should be limited. It has no effect on the strict policy.
The template containing the most basic rules common to all users.
This template creates a user domain, types, and rules for the user's tty and pty.
Allow a home directory for which the role has read-only access.
This does not allow execute access.
Allow a home directory for which the role has full access.
This does not allow execute access.
Role access for the user tmpfs type that the user has full access.
This does not allow execute access.
This template creates a user domain, types, and rules for the user's tty, pty, tmp, and tmpfs files.
This template creates a user domain, types, and rules for the user's tty, pty, home directories, tmp, and tmpfs files.
This template creates a user domain, types, and rules for the user's tty, pty, home directories, tmp, and tmpfs files.
The template for creating a unprivileged xwindows login user.
This template creates a user domain, types, and rules for the user's tty, pty, home directories, tmp, and tmpfs files.
The template for creating a unprivileged user roughly equivalent to a regular linux user.
This template creates a user domain, types, and rules for the user's tty, pty, home directories, tmp, and tmpfs files.
This template creates a user domain, types, and rules for the user's tty, pty, home directories, tmp, and tmpfs files.
The privileges given to administrative users are:
Create objects in a user home directory with an automatic type transition to a specified private type.
This is a templated interface, and should only be called from a per-userdomain template.
Do not audit attempts to search user home directories. This will supress SELinux denial messages when the specified domain is denied the permission to search these directories.
Do a domain transition to the specified domain when executing a program in the user home directory.
No interprocess communication (signals, pipes, etc.) is provided by this interface since the domains are not owned by this module.
Allow the specified domain to read and write user TTYs and PTYs. This will allow the domain to interact with the user via the terminal. Typically all interactive applications will require this access.
However, this also allows the applications to spy on user sessions or inject information into the user session. Thus, this access should likely not be allowed for non-interactive domains.
Do not audit attempts to inherit the file descriptors from unprivileged user domains. This will supress SELinux denial messages when the specified domain is denied the permission to inherit these file descriptors.
Allow users to connect to mysql
Allow users to connect to PostgreSQL
Allow regular users direct mouse access
Allow user to r/w files on filesystems that do not have extended attributes (FAT, CDROM, FLOPPY)
Allow user processes to change their priority
Allow w to display everyone
Allow xen to manage nfs files