admin_domain | Defines a domain for an administrative user. |
append_logdir_domain | Authorizes a specified domain to create, read, and append to logfiles within its own specially labeled logging directory. |
append_log_domain | Authorizes a specified domain to read and append to its own specially labeled logfiles. |
application_domain | Authorizes a specified domain to perform operations common to simple applications. |
base_file_read_access | Authorizes a specified domain to read and search several system file types. |
base_pty_perms | Authorizes a specified domain to access the pty master multiplexer domain and to search /dev/pts. |
base_user_domain | Defines a domain for a nonadministrative user. |
can_create_other_pty | Authorizes a specified domain to create new ptys for another specified domain. |
can_create_pty | Authorizes a specified domain to create new ptys. |
can_exec | Authorizes a specified domain to execute files having a specified type (domain) without transitioning to a new domain. |
can_exec_any | Authorizes a specified domain to execute a variety of executable types. |
can_getcon | Authorizes a specified domain to obtain its execution context. |
can_getsecurity | Authorizes a specified domain to query the security server. |
can_loadpol | Authorizes a specified domain to load a policy. |
can_network | Authorizes a specified domain to access the network. |
can_ps | Authorizes a process in a specified domain to see /proc entries for processes in another specified domain. |
can_ptrace | Authorizes a specified domain to trace processes executing in another specified domain. |
can_setbool | Authorizes a specified domain to set a policy Boolean. |
can_setenforce | Authorizes a specified domain to set the SELinux enforcement mode. |
can_setexec | Authorizes a specified domain to set its exec context. |
can_setfscreate | Authorizes a domain to set its fscreate context. |
can_sysctl | Authorizes a specified domain to modify sysctl parameters. |
can_tcp_connect | Authorizes a specified domain to establish a TCP connection with another specified domain. |
can_udp_send | Authorizes a specified domain to send UDP datagrams to another specified domain. |
can_unix_connect | Authorizes two specified domains to establish a Unix stream connection. |
can_unix_send | Authorizes a specified domain to send Unix datagrams to another specified domain. |
create_append_log_file | Authorizes a domain to read, write, and add names to directories and create and append to files. |
create_dir_file | Authorizes a specified domain to create and use directories and files. |
create_dir_notdevfile | Defines access-vector rules for creating and using directories and nondevice files. |
create_dir_perms | Defines permissions needed to create and use directories. |
create_file_perms | Defines permissions needed to create and use files. |
create_msgq_perms | Defines permissions needed to create message queues and read and write message queues and their attributes. |
create_sem_perms | Defines permissions needed to create semaphores and read and write semaphores and their attributes. |
create_shm_perms | Defines permissions needed to create shared memory segments and read and write shared memory segments and their attributes. |
create_socket_perms | Defines permissions needed to create, read, write, and otherwise use sockets. |
create_stream_socket_perms | Defines permissions needed to create, read, write, and otherwise use stream sockets. |
daemon_base_domain | Authorizes a specified domain to perform a variety of operations useful to daemons, including those authorized by daemon_core_rules. |
daemon_core_rules | Authorizes a specified domain to access a variety of types useful to daemons. |
daemon_domain | Authorizes a specified domain to use PID files. |
daemon_sub_domain | Defines a child domain of a specified domain. |
devfile_class_set | Defines a class that includes all device file classes. |
dgram_socket_class_set | Defines a class that includes all datagram socket classes. |
dir_file_class_set | Defines a class that includes all directory and file classes. |
domain_auto_trans | Authorizes a specified domain to automatically transition to another specified domain. |
domain_trans | Authorizes a specified domain to transition to another specified domain. |
etcdir_domain | Authorizes a specified domain to read files within its own specially labeled configuration subdirectory of directories labeled etc_t. |
etc_domain | Authorizes a specified domain to read its own specially labeled configuration files residing in directories labeled etc_t. |
file_class_set | Defines a class including all nondirectory file classes. |
file_type_auto_trans | Authorizes a specified domain to automatically label with a specified type files created within directories having another specified type. |
file_type_trans | Authorizes a specified domain to label with a specified type files created within directories having another specified type. |
full_user_role | Defines a role for a user who logs in to the system and has full user status. |
general_domain_access | Authorizes a specified domain to access processes, PID files, file descriptors, pipes, Unix sockets, and IPC objects belonging to the domain. |
general_proc_read_access | Authorizes a specified domain to access most nodes in the /proc filesystem. |
init_service_domain | Authorizes a specified domain to perform operations useful to programs that are run from init. |
in_user_role | Defines a type as accessible to the user_r and staff_r roles. |
link_file_perms | Defines permissions needed to link, unlink, and rename files. |
lock_domain | Authorizes a specified domain to use its own specially labeled lock files within directories labeled var_lock_t. |
logdir_domain | Authorizes a specified domain to create private logfiles. |
log_domain | Authorizes a specified domain to use files having type var_log_t. |
mini_user_domain | Defines a simple domain for a nonadministrative user having minimal privileges. |
mount_fs_perms | Defines permissions needed to mount and unmount filesystems. |
notdevfile_class_set | Defines a class including all nondevice file classes. |
packet_perms | Defines permissions needed to send and receive network packets. |
pty_slave_label | Authorizes a specified domain to access a slave pty, but not to create new ptys. |
r_dir_file | Authorizes a specified domain to read directories and files. |
r_dir_perms | Defines permissions needed to read directories and directory attributes. |
r_file_perms | Defines permissions needed to read files and file attributes. |
r_msgq_perms | Defines permissions needed to read message queues and message queue attributes. |
r_sem_perms | Defines permissions needed to read semaphores and semaphore attributes. |
r_shm_perms | Defines permissions needed to read shared memory segments and shared memory segment attributes. |
ra_dir_create_file | Defines access-vector rules for reading directories and files, creating and appending to files, and adding names to directories. |
ra_dir_file | Defines access-vector rules for reading directories and files, appending to files, and adding names to directories. |
ra_dir_perms | Defines permissions needed to read directories and add names to directories. |
ra_file_perms | Defines permissions needed to read and append to files. |
read_locale | Authorizes a specified domain to read the locale data, /etc/localtime, and the file to which it links. |
read_sysctl | Authorizes a specified domain to read sysctl variables. |
rw_dir_create_file | Authorizes a specified domain to read and write directories and create and use files. |
rw_dir_file | Defines access-vector rules for reading and writing files and directories. |
rw_dir_perms | Defines permissions needed to read and write directories and directory attributes. |
rw_file_perms | Defines permissions needed to read and write files and file attributes. |
rw_msgq_perms | Defines permissions needed to read and write message queues and their attributes. |
rw_sem_perms | Defines permissions needed to read and write semaphores and their attributes. |
rw_shm_perms | Defines permissions needed to read and write shared memory segments and their attributes. |
rw_socket_perms | Defines permissions needed to read, write, and otherwise use (but not create) sockets. |
rw_stream_socket_perms | Defines permissions needed to read, write, and otherwise use (but not create) stream sockets. |
rx_file_perms | Defines permissions needed to read and execute files. |
signal_perms | Defines permissions needed to send signals to processes. |
socket_class_set | Defines a class including all socket classes. |
stat_file_perms | Defines permissions needed to get file attributes. |
stream_socket_class_set | Defines a class including all stream socket classes. |
system_domain | Authorizes a specified domain to use shared libraries and the system log, access system administration files, and perform other operations common to system processes. |
tmp_domain | Authorizes a specified domain to create and use files having type tmp_t. |
tmpfs_domain | Authorizes a specified domain to create and use files having type tmpfs_t. |
unconfined_domain | Authorizes a domain to perform any operation permitted by Linux DAC, effectively bypassing all SELinux policy checks. |
unpriv_socket_class_set | Defines a class including all nonprivileged socket classes (excludes rawip-, netlink-, and packet-related classes). |
user_application_domain | Authorizes a specified domain to perform operations common to simple applications and defines the domain as a user domain. |
user_domain | Defines a domain for a nonadministrative user. |
uses_authbind | Authorizes a specified domain to use services provided by the authbind_t domain. |
uses_shlib | Authorizes a specified domain to use shared libraries. |
var_lib_domain | Authorizes a specified domain to use files having type var_lib_t. |
var_run_domain | Authorizes a specified domain to create files in /var/run and other directories created for the domain. |
x_file_perms | Defines permissions needed to execute files. |