admin_domain
| Defines a domain for an administrative user . |
append_logdir_domain
| Authorizes a specified domain to create, read, and append to logfiles within its own specially labeled logging directory. |
append_log_domain
| Authorizes a specified domain to read and append to its own specially labeled logfiles. |
application_domain
| Authorizes a specified domain to perform operations common to simple applications. |
base_file_read_access
| Authorizes a specified domain to read and search several system file types. |
base_pty_perms
| Authorizes a specified domain to access the pty master multiplexer domain and to search /dev/pts . |
base_user_domain
| Defines a domain for a nonadministrative user. |
can_create_other_pty
| Authorizes a specified domain to create new ptys for another specified domain. |
can_create_pty
| Authorizes a specified domain to create new ptys. |
can_exec
| Authorizes a specified domain to execute files having a specified type (domain) without transitioning to a new domain. |
can_exec_any
| Authorizes a specified domain to execute a variety of executable types. |
can_getcon
| Authorizes a specified domain to obtain its execution context. |
can_getsecurity
| Authorizes a specified domain to query the security server. |
can_loadpol
| Authorizes a specified domain to load a policy. |
can_network
| Authorizes a specified domain to access the network. |
can_ps
| Authorizes a process in a specified domain to see /proc entries for processes in another specified domain. |
can_ptrace
| Authorizes a specified domain to trace processes executing in another specified domain. |
can_setbool
| Authorizes a specified domain to set a policy Boolean. |
can_setenforce
| Authorizes a specified domain to set the SELinux enforcement mode. |
can_setexec
| Authorizes a specified domain to set its exec context. |
can_setfscreate
| Authorizes a domain to set its fscreate context. |
can_sysctl
| Authorizes a specified domain to modify sysctl parameters. |
can_tcp_connect
| Authorizes a specified domain to establish a TCP connection with another specified domain. |
can_udp_send
| Authorizes a specified domain to send UDP datagrams to another specified domain. |
can_unix_connect
| Authorizes two specified domains to establish a Unix stream connection. |
can_unix_send
| Authorizes a specified domain to send Unix datagrams to another specified domain. |
create_append_log_file
| Authorizes a domain to read, write, and add names to directories and create and append to files. |
create_dir_file
| Authorizes a specified domain to create and use directories and files. |
create_dir_notdevfile
| Defines access-vector rules for creating and using directories and nondevice files. |
create_dir_perms
| Defines permissions needed to create and use directories. |
create_file_perms
| Defines permissions needed to create and use files. |
create_msgq_perms
| Defines permissions needed to create message queues and read and write message queues and their attributes. |
create_sem_perms
| Defines permissions needed to create semaphores and read and write semaphores and their attributes. |
create_shm_perms
| Defines permissions needed to create shared memory segments and read and write shared memory segments and their attributes. |
create_socket_perms
| Defines permissions needed to create, read, write, and otherwise use sockets. |
create_stream_socket_perms
| Defines permissions needed to create, read, write, and otherwise use stream sockets. |
daemon_base_domain
| Authorizes a specified domain to perform a variety of operations useful to daemons, including those authorized by daemon_core_rules . |
daemon_core_rules
| Authorizes a specified domain to access a variety of types useful to daemons. |
daemon_domain
| Authorizes a specified domain to use PID files. |
daemon_sub_domain
| Defines a child domain of a specified domain. |
devfile_class_set
| Defines a class that includes all device file classes. |
dgram_socket_class_set
| Defines a class that includes all datagram socket classes. |
dir_file_class_set
| Defines a class that includes all directory and file classes. |
domain_auto_trans
| Authorizes a specified domain to automatically transition to another specified domain. |
domain_trans
| Authorizes a specified domain to transition to another specified domain. |
etcdir_domain
| Authorizes a specified domain to read files within its own specially labeled configuration subdirectory of directories labeled etc_t . |
etc_domain
| Authorizes a specified domain to read its own specially labeled configuration files residing in directories labeled etc_t . |
file_class_set
| Defines a class including all nondirectory file classes. |
file_type_auto_trans
| Authorizes a specified domain to automatically label with a specified type files created within directories having another specified type. |
file_type_trans
| Authorizes a specified domain to label with a specified type files created within directories having another specified type. |
full_user_role
| Defines a role for a user who logs in to the system and has full user status. |
general_domain_access
| Authorizes a specified domain to access processes, PID files, file descriptors, pipes, Unix sockets, and IPC objects belonging to the domain. |
general_proc_read_access
| Authorizes a specified domain to access most nodes in the /proc filesystem. |
init_service_domain
| Authorizes a specified domain to perform operations useful to programs that are run from init . |
in_user_role
| Defines a type as accessible to the user_r and staff_r roles. |
link_file_perms
| Defines permissions needed to link, unlink, and rename files. |
lock_domain
| Authorizes a specified domain to use its own specially labeled lock files within directories labeled var_lock_t . |
logdir_domain
| Authorizes a specified domain to create private logfiles. |
log_domain
| Authorizes a specified domain to use files having type var_log_t . |
mini_user_domain
| Defines a simple domain for a nonadministrative user having minimal privileges. |
mount_fs_perms
| Defines permissions needed to mount and unmount filesystems. |
notdevfile_class_set
| Defines a class including all nondevice file classes. |
packet_perms
| Defines permissions needed to send and receive network packets. |
pty_slave_label
| Authorizes a specified domain to access a slave pty, but not to create new ptys. |
r_dir_file
| Authorizes a specified domain to read directories and files. |
r_dir_perms
| Defines permissions needed to read directories and directory attributes. |
r_file_perms
| Defines permissions needed to read files and file attributes. |
r_msgq_perms
| Defines permissions needed to read message queues and message queue attributes. |
r_sem_perms
| Defines permissions needed to read semaphores and semaphore attributes. |
r_shm_perms
| Defines permissions needed to read shared memory segments and shared memory segment attributes. |
ra_dir_create_file
| Defines access-vector rules for reading directories and files, creating and appending to files, and adding names to directories. |
ra_dir_file
| Defines access vector rules for reading directories and files, appending to files, and adding names to directories. |
ra_dir_perms
| Defines permissions needed to read directories and add names to directories. |
ra_file_perms
| Defines permissions needed to read and append to files. |
read_locale
| Authorizes a specified domain to read the locale data, /etc/localtime , and the file to which it links. |
read_sysctl
| Authorizes a specified domain to read sysctl variables . |
rw_dir_create_file
| Authorizes a specified domain to read and write directories and create and use files. |
rw_dir_file
| Defines access vector rules for reading and writing files and directories. |
rw_dir_perms
| Defines permissions needed to read and write directories and directory attributes. |
rw_file_perms
| Defines permissions needed to read and write files and file attributes. |
rw_msgq_perms
| Defines permissions needed to read and write message queues and their attributes. |
rw_sem_perms
| Defines permissions needed to read and write semaphores and their attributes. |
rw_shm_perms
| Defines permissions needed to read and write shared memory segments and their attributes. |
rw_socket_perms
| Defines permissions needed to read, write, and otherwise use (but not create) sockets. |
rw_stream_socket_perms
| Defines permissions needed to read, write, and otherwise use (but not create) stream sockets. |
rx_file_perms
| Defines permissions needed to read and execute files. |
signal_perms
| Defines permissions needed to send signals to processes. |
socket_class_set
| Defines a class including all socket classes. |
stat_file_perms
| Defines permissions needed to get file attributes. |
stream_socket_class_set
| Defines a class including all stream socket classes. |
system_domain
| Authorizes a specified domain to use shared libraries, the system log, access system administration files, and perform other operations common to system processes. |
tmp_domain
| Authorizes a specified domain to create and use files having type tmp_t . |
tmpfs_domain
| Authorizes a specified domain to create and use files having type tmpfs_t . |
unconfined_domain
| Authorize a domain to perform any operation permitted by Linux DAC, effectively bypassing all SELinux policy checks. |
unpriv_socket_class_set
| Defines a class including all nonprivileged socket classes (excludes rawip-, netlink -, and packet- related classes). |
user_application_domain
| Authorizes a specified domain to perform operations common to simple applications and defines the domain as a user domain. |
user_domain
| Defines a domain for a nonadministrative user. |
uses_authbind
| Authorizes a specified domain to use services provided by the authbind_t domain. |
uses_shlib
| Authorizes a specified domain to use shared libraries. |
var_lib_domain
| Authorizes a specified domain to use files having type var_lib_t . |
var_run_domain
| Authorizes a specified domain to create files in /var/run files and other directories created for the domain. |
x_file_perms
| Defines permissions needed to execute files. |
