Layer: kernel

Module: files

Interfaces

Description:

This module contains basic filesystem types and interfaces. This includes:

This module is required to be included in all policies.


Interfaces:

files_associate_tmp( file_type )
Summary

Allow the specified type to associate to a filesystem with the type of the temporary directory (/tmp).

Parameters
Parameter:Description:
file_type

Type of the file to associate.

files_boot_filetrans( domain , private_type , object_class )
Summary

Create a private type object in /boot with an automatic type transition.

Parameters
Parameter:Description:
domain

Domain allowed access.

private_type

The type of the object to be created.

object_class

The object class of the object being created.

files_config_file( file_type )
Summary

Make the specified type a configuration file.

Parameters
Parameter:Description:
file_type

Type to be used as a configuration file.

files_create_boot_dirs( domain )
Summary

Create directories in /boot.

Parameters
Parameter:Description:
domain

Domain allowed access.

files_create_boot_flag( domain )
Summary

Create a boot flag.

Description

Create a boot flag, such as /.autorelabel and /.autofsck.

Parameters
Parameter:Description:
domain

Domain allowed access.

files_create_kernel_img( domain )
Summary

Install a kernel into the /boot directory.

Parameters
Parameter:Description:
domain

Domain allowed access.

files_create_kernel_symbol_table( domain )
Summary

Install a system.map into the /boot directory.

Parameters
Parameter:Description:
domain

Domain allowed access.

files_delete_all_locks( domain )
Summary

Delete all lock files.

Parameters
Parameter:Description:
domain

Domain allowed access.

files_delete_all_pid_dirs( domain )
Summary

Delete all process ID directories.

Parameters
Parameter:Description:
domain

Domain allowed access.

files_delete_all_pids( domain )
Summary

Delete all process IDs.

Parameters
Parameter:Description:
domain

Domain allowed access.

files_delete_etc_files( domain )
Summary

Delete system configuration files in /etc.

Parameters
Parameter:Description:
domain

Domain allowed access.

files_delete_isid_type_dirs( domain )
Summary

Delete directories on new filesystems that have not yet been labeled.

Parameters
Parameter:Description:
domain

Domain allowed access.

files_delete_isid_type_files( domain )
Summary

Delete files on new filesystems that have not yet been labeled.

Parameters
Parameter:Description:
domain

Domain allowed access.

files_delete_kernel( domain )
Summary

Delete a kernel from /boot.

Parameters
Parameter:Description:
domain

Domain allowed access.

files_delete_kernel_modules( domain )
Summary

Delete kernel module files.

Parameters
Parameter:Description:
domain

Domain allowed access.

files_delete_kernel_symbol_table( domain )
Summary

Delete a system.map in the /boot directory.

Parameters
Parameter:Description:
domain

Domain allowed access.

files_delete_root_dir_entry( domain )
Summary

Remove entries from the root directory.

Parameters
Parameter:Description:
domain

Domain allowed access.

files_delete_tmp_dir_entry( domain )
Summary

Remove entries from the tmp directory.

Parameters
Parameter:Description:
domain

Domain allowed access.

files_delete_usr_dirs( domain )
Summary

Delete generic directories in /usr in the caller domain.

Parameters
Parameter:Description:
domain

Domain allowed access.

files_delete_usr_files( domain )
Summary

Delete generic files in /usr in the caller domain.

Parameters
Parameter:Description:
domain

Domain allowed access.

files_dontaudit_getattr_all_dirs( domain )
Summary

Do not audit attempts to get the attributes of all directories.

Parameters
Parameter:Description:
domain

Domain to not audit.

files_dontaudit_getattr_all_files( domain )
Summary

Do not audit attempts to get the attributes of all files.

Parameters
Parameter:Description:
domain

Domain to not audit.

files_dontaudit_getattr_all_pipes( domain )
Summary

Do not audit attempts to get the attributes of all named pipes.

Parameters
Parameter:Description:
domain

Domain to not audit.

files_dontaudit_getattr_all_sockets( domain )
Summary

Do not audit attempts to get the attributes of all named sockets.

Parameters
Parameter:Description:
domain

Domain to not audit.

files_dontaudit_getattr_all_symlinks( domain )
Summary

Do not audit attempts to get the attributes of all symbolic links.

Parameters
Parameter:Description:
domain

Domain to not audit.

files_dontaudit_getattr_all_tmp_files( domain )
Summary

Do not audit attempts to get the attributes of all tmp files.

Parameters
Parameter:Description:
domain

Domain not to audit.

files_dontaudit_getattr_all_tmp_sockets( domain )
Summary

Do not audit attempts to get the attributes of all tmp sock_file.

Parameters
Parameter:Description:
domain

Domain not to audit.

files_dontaudit_getattr_boot_dirs( domain )
Summary

Do not audit attempts to get attributes of the /boot directory.

Parameters
Parameter:Description:
domain

Domain to not audit.

files_dontaudit_getattr_default_dirs( domain )
Summary

Do not audit attempts to get the attributes of directories with the default file type.

Parameters
Parameter:Description:
domain

Domain to not audit.

files_dontaudit_getattr_default_files( domain )
Summary

Do not audit attempts to get the attributes of files with the default file type.

Parameters
Parameter:Description:
domain

Domain to not audit.

files_dontaudit_getattr_home_dir( domain )
Summary

Do not audit attempts to get the attributes of the home directories root (/home).

Parameters
Parameter:Description:
domain

Domain to not audit.

files_dontaudit_getattr_lost_found_dirs( domain )
Summary

Do not audit attempts to get the attributes of lost+found directories.

Parameters
Parameter:Description:
domain

Domain to not audit.

files_dontaudit_getattr_non_security_blk_files( domain )
Summary

Do not audit attempts to get the attributes of non security block devices.

Parameters
Parameter:Description:
domain

Domain to not audit.

files_dontaudit_getattr_non_security_chr_files( domain )
Summary

Do not audit attempts to get the attributes of non security character devices.

Parameters
Parameter:Description:
domain

Domain to not audit.

files_dontaudit_getattr_non_security_files( domain )
Summary

Do not audit attempts to get the attributes of non security files.

Parameters
Parameter:Description:
domain

Domain to not audit.

files_dontaudit_getattr_non_security_pipes( domain )
Summary

Do not audit attempts to get the attributes of non security named pipes.

Parameters
Parameter:Description:
domain

Domain to not audit.

files_dontaudit_getattr_non_security_sockets( domain )
Summary

Do not audit attempts to get the attributes of non security named sockets.

Parameters
Parameter:Description:
domain

Domain to not audit.

files_dontaudit_getattr_non_security_symlinks( domain )
Summary

Do not audit attempts to get the attributes of non security symbolic links.

Parameters
Parameter:Description:
domain

Domain to not audit.

files_dontaudit_getattr_pid_dirs( domain )
Summary

Do not audit attempts to get the attributes of the /var/run directory.

Parameters
Parameter:Description:
domain

Domain to not audit.

files_dontaudit_getattr_tmp_dirs( domain )
Summary

Do not audit attempts to get the attributes of the tmp directory (/tmp).

Parameters
Parameter:Description:
domain

Domain allowed access.

files_dontaudit_ioctl_all_pids( domain )
Summary

Do not audit attempts to ioctl daemon runtime data files.

Parameters
Parameter:Description:
domain

Domain allowed access.

files_dontaudit_list_default( domain )
Summary

Do not audit attempts to list contents of directories with the default file type.

Parameters
Parameter:Description:
domain

Domain to not audit.

files_dontaudit_list_home( domain )
Summary

Do not audit attempts to list home directories root (/home).

Parameters
Parameter:Description:
domain

Domain to not audit.

files_dontaudit_list_non_security( domain )
Summary

Do not audit attempts to list all non-security directories.

Parameters
Parameter:Description:
domain

Domain to not audit.

files_dontaudit_list_tmp( domain )
Summary

Do not audit listing of the tmp directory (/tmp).

Parameters
Parameter:Description:
domain

Domain not to audit.

files_dontaudit_read_all_symlinks( domain )
Summary

Do not audit attempts to read all symbolic links.

Parameters
Parameter:Description:
domain

Domain to not audit.

files_dontaudit_read_default_files( domain )
Summary

Do not audit attempts to read files with the default file type.

Parameters
Parameter:Description:
domain

Domain to not audit.

files_dontaudit_read_etc_runtime_files( domain )
Summary

Do not audit attempts to read files in /etc that are dynamically created on boot, such as mtab.

Parameters
Parameter:Description:
domain

Domain to not audit.

files_dontaudit_read_root_files( domain )
Summary

Do not audit attempts to read files in the root directory.

Parameters
Parameter:Description:
domain

Domain to not audit.

files_dontaudit_rw_root_chr_files( domain )
Summary

Do not audit attempts to read or write character device nodes in the root directory.

Parameters
Parameter:Description:
domain

Domain allowed access.

files_dontaudit_rw_root_dir( domain )
Summary

Do not audit attempts to write files in the root directory.

Parameters
Parameter:Description:
domain

Domain allowed access.

files_dontaudit_rw_root_files( domain )
Summary

Do not audit attempts to read or write files in the root directory.

Parameters
Parameter:Description:
domain

Domain allowed access.

files_dontaudit_rw_usr_dirs( domain )
Summary

Do not audit attempts to add and remove entries from /usr directories.

Parameters
Parameter:Description:
domain

Domain allowed access.

files_dontaudit_search_all_dirs( domain )
Summary

Do not audit attempts to search the contents of any directories on extended attribute filesystems.

Parameters
Parameter:Description:
domain

Domain allowed access.

files_dontaudit_search_boot( domain )
Summary

Do not audit attempts to search the /boot directory.

Parameters
Parameter:Description:
domain

Domain allowed access.

files_dontaudit_search_home( domain )
Summary

Do not audit attempts to search home directories root (/home).

Parameters
Parameter:Description:
domain

Domain to not audit.

files_dontaudit_search_isid_type_dirs( domain )
Summary

Do not audit attempts to search directories on new filesystems that have not yet been labeled.

Parameters
Parameter:Description:
domain

Domain allowed access.

files_dontaudit_search_locks( domain )
Summary

Do not audit attempts to search the locks directory (/var/lock).

Parameters
Parameter:Description:
domain

Domain to not audit.

files_dontaudit_search_mnt( domain )
Summary

Do not audit attempts to search /mnt.

Parameters
Parameter:Description:
domain

Domain to not audit.

files_dontaudit_search_pids( domain )
Summary

Do not audit attempts to search the /var/run directory.

Parameters
Parameter:Description:
domain

Domain to not audit.

files_dontaudit_search_spool( domain )
Summary

Do not audit attempts to search generic spool directories.

Parameters
Parameter:Description:
domain

Domain to not audit.

files_dontaudit_search_src( domain )
Summary

Do not audit attempts to search /usr/src.

Parameters
Parameter:Description:
domain

Domain to not audit.

files_dontaudit_search_tmp( domain )
Summary

Do not audit attempts to search the tmp directory (/tmp).

Parameters
Parameter:Description:
domain

Domain allowed access.

files_dontaudit_search_var( domain )
Summary

Do not audit attempts to search the contents of /var.

Parameters
Parameter:Description:
domain

Domain to not audit.

files_dontaudit_write_all_pids( domain )
Summary

Do not audit attempts to write to daemon runtime data files.

Parameters
Parameter:Description:
domain

Domain allowed access.

files_dontaudit_write_etc_files( domain )
Summary

Do not audit attempts to write generic files in /etc.

Parameters
Parameter:Description:
domain

Domain allowed access.

files_dontaudit_write_usr_files( domain )
Summary

Do not audit attempts to write to /usr files.

Parameters
Parameter:Description:
domain

Domain allowed access.

files_dontaudit_write_var_dirs( domain )
Summary

Do not audit attempts to write to /var.

Parameters
Parameter:Description:
domain

Domain to not audit.

files_etc_filetrans( domain , file_type , class )
Summary

Create objects in /etc with a private type using a type_transition.

Parameters
Parameter:Description:
domain

Domain allowed access.

file_type

Private file type.

class

Object classes to be created.

files_etc_filetrans_etc_runtime( domain , object )
Summary

Create etc runtime objects with an automatic type transition.

Parameters
Parameter:Description:
domain

Domain allowed access.

object

The class of the object being created.

files_exec_etc_files( domain )
Summary

Execute generic files in /etc.

Parameters
Parameter:Description:
domain

Domain allowed access.

files_exec_usr_files( domain )
Summary

Execute generic programs in /usr in the caller domain.

Parameters
Parameter:Description:
domain

Domain allowed access.

files_exec_usr_src_files( domain )
Summary

Execute programs in /usr/src in the caller domain.

Parameters
Parameter:Description:
domain

Domain allowed access.

files_execmod_all_files( domain )
Summary

Allow shared library text relocations in all files.

Description

Allow shared library text relocations in all files.

This is added to support WINE policy.

Parameters
Parameter:Description:
domain

Domain allowed access.

files_getattr_all_dirs( domain )
Summary

Get the attributes of all directories.

Parameters
Parameter:Description:
domain

Domain allowed access.

files_getattr_all_file_type_fs( domain )
Summary

Get the attributes of all filesystems with the type of a file.

Parameters
Parameter:Description:
domain

Domain allowed access.

files_getattr_all_files( domain )
Summary

Get the attributes of all files.

Parameters
Parameter:Description:
domain

Domain allowed access.

files_getattr_all_mountpoints( domain )
Summary

Get the attributes of all mount points.

Parameters
Parameter:Description:
domain

Domain allowed access.

files_getattr_all_pipes( domain )
Summary

Get the attributes of all named pipes.

Parameters
Parameter:Description:
domain

Domain allowed access.

files_getattr_all_sockets( domain )
Summary

Get the attributes of all named sockets.

Parameters
Parameter:Description:
domain

Domain allowed access.

files_getattr_all_symlinks( domain )
Summary

Get the attributes of all symbolic links.

Parameters
Parameter:Description:
domain

Domain allowed access.

files_getattr_all_tmp_files( domain )
Summary

Allow attempts to get the attributes of all tmp files.

Parameters
Parameter:Description:
domain

Domain not to audit.

files_getattr_boot_dirs( domain )
Summary

Get attributes of the /boot directory.

Parameters
Parameter:Description:
domain

Domain allowed access.

files_getattr_default_dirs( domain )
Summary

Getattr of directories with the default file type.

Parameters
Parameter:Description:
domain

Domain allowed access.

files_getattr_generic_locks( domain )
Summary

Get the attributes of generic lock files.

Parameters
Parameter:Description:
domain

Domain allowed access.

files_getattr_home_dir( domain )
Summary

Get the attributes of the home directories root (/home).

Parameters
Parameter:Description:
domain

Domain allowed access.

files_getattr_isid_type_dirs( domain )
Summary

Getattr of directories on new filesystems that have not yet been labeled.

Parameters
Parameter:Description:
domain

Domain allowed access.

files_getattr_kernel_modules( domain )
Summary

Get the attributes of kernel module files.

Parameters
Parameter:Description:
domain

Domain allowed access.

files_getattr_lost_found_dirs( domain )
Summary

Get the attributes of lost+found directories.

Parameters
Parameter:Description:
domain

Domain allowed access.

files_getattr_tmp_dirs( domain )
Summary

Get the attributes of the tmp directory (/tmp).

Parameters
Parameter:Description:
domain

Domain allowed access.

files_getattr_usr_files( domain )
Summary

Get the attributes of files in /usr.

Parameters
Parameter:Description:
domain

Domain allowed access.

files_getattr_usr_src_files( domain )
Summary

Get the attributes of files in /usr/src.

Parameters
Parameter:Description:
domain

Domain allowed access.

files_getattr_var_lib_dirs( domain )
Summary

Get the attributes of the /var/lib directory.

Parameters
Parameter:Description:
domain

Domain allowed access.

files_home_filetrans( domain , home_type , object )
Summary

Create objects in /home.

Parameters
Parameter:Description:
domain

Domain allowed access.

home_type

The private type.

object

The class of the object being created.

files_kernel_modules_filetrans( domain , private_type , object_class )
Summary

Create objects in the kernel module directories with a private type via an automatic type transition.

Parameters
Parameter:Description:
domain

Domain allowed access.

private_type

The type of the object to be created.

object_class

The object class of the object being created.

files_list_all( domain )
Summary

List the contents of all directories on extended attribute filesystems.

Parameters
Parameter:Description:
domain

Domain allowed access.

files_list_default( domain )
Summary

List contents of directories with the default file type.

Parameters
Parameter:Description:
domain

Domain allowed access.

files_list_etc( domain )
Summary

List the contents of /etc directories.

Parameters
Parameter:Description:
domain

Domain allowed access.

files_list_home( domain )
Summary

Get listing of home directories.

Parameters
Parameter:Description:
domain

Domain allowed access.

files_list_isid_type_dirs( domain )
Summary

List the contents of directories on new filesystems that have not yet been labeled.

Parameters
Parameter:Description:
domain

Domain allowed access.

files_list_kernel_modules( domain )
Summary

List the contents of the kernel module directories.

Parameters
Parameter:Description:
domain

Domain allowed access.

files_list_mnt( domain )
Summary

List the contents of /mnt.

Parameters
Parameter:Description:
domain

Domain allowed access.

files_list_non_security( domain )
Summary

List all non-security directories.

Parameters
Parameter:Description:
domain

Domain allowed access.

files_list_pids( domain )
Summary

List the contents of the runtime process ID directories (/var/run).

Parameters
Parameter:Description:
domain

Domain allowed access.

files_list_root( domain )
Summary

List the contents of the root directory.

Parameters
Parameter:Description:
domain

Domain allowed access.

files_list_spool( domain )
Summary

List the contents of generic spool (/var/spool) directories.

Parameters
Parameter:Description:
domain

Domain allowed access.

files_list_tmp( domain )
Summary

Read the tmp directory (/tmp).

Parameters
Parameter:Description:
domain

Domain allowed access.

files_list_usr( domain )
Summary

List the contents of generic directories in /usr.

Parameters
Parameter:Description:
domain

Domain allowed access.

files_list_var( domain )
Summary

List the contents of /var.

Parameters
Parameter:Description:
domain

Domain allowed access.

files_list_var_lib( domain )
Summary

List the contents of the /var/lib directory.

Parameters
Parameter:Description:
domain

Domain allowed access.

files_list_world_readable( domain )
Summary

List world-readable directories.

Parameters
Parameter:Description:
domain

Domain allowed access.

files_lock_file( type )
Summary

Make the specified type usable for lock files.

Parameters
Parameter:Description:
type

Type to be used for lock files.

files_lock_filetrans( domain , private type , object )
Summary

Create an object in the locks directory, with a private type using a type transition.

Parameters
Parameter:Description:
domain

Domain allowed access.

private type

The type of the object to be created.

object

The object class of the object being created.

files_manage_all_files( domain , exception_types )
Summary

Manage all files on the filesystem, except the listed exceptions.

Parameters
Parameter:Description:
domain

The type of the domain performing this action.

exception_types

The types to be excluded. Each type or attribute must be negated by the caller.

files_manage_all_locks( domain )
Summary

Manage all lock files.

Parameters
Parameter:Description:
domain

Domain allowed access.

files_manage_boot_files( domain )
Summary

Create, read, write, and delete files in the /boot directory.

Parameters
Parameter:Description:
domain

Domain allowed access.

files_manage_boot_symlinks( domain )
Summary

Create, read, write, and delete symbolic links in the /boot directory.

Parameters
Parameter:Description:
domain

Domain allowed access.

files_manage_config_dirs( domain )
Summary

Manage all configuration directories on the filesystem.

Parameters
Parameter:Description:
domain

The type of the domain performing this action.

files_manage_config_files( domain )
Summary

Manage all configuration files on the filesystem.

Parameters
Parameter:Description:
domain

The type of the domain performing this action.

files_manage_etc_dirs( domain )
Summary

Manage generic directories in /etc.

Parameters
Parameter:Description:
domain

Domain allowed access.

files_manage_etc_files( domain )
Summary

Create, read, write, and delete generic files in /etc.

Parameters
Parameter:Description:
domain

Domain allowed access.

files_manage_etc_runtime_files( domain )
Summary

Create, read, write, and delete files in /etc that are dynamically created on boot, such as mtab.

Parameters
Parameter:Description:
domain

Domain allowed access.

files_manage_etc_symlinks( domain )
Summary

Create, read, write, and delete symbolic links in /etc.

Parameters
Parameter:Description:
domain

Domain allowed access.

files_manage_generic_locks( domain )
Summary

Create, read, write, and delete generic lock files.

Parameters
Parameter:Description:
domain

Domain allowed access.

files_manage_generic_spool( domain )
Summary

Create, read, write, and delete generic spool files.

Parameters
Parameter:Description:
domain

Domain allowed access.

files_manage_generic_spool_dirs( domain )
Summary

Create, read, write, and delete generic spool directories (/var/spool).

Parameters
Parameter:Description:
domain

Domain allowed access.

files_manage_generic_tmp_dirs( domain )
Summary

Manage temporary directories in /tmp.

Parameters
Parameter:Description:
domain

The type of the process performing this action.

files_manage_generic_tmp_files( domain )
Summary

Manage temporary files and directories in /tmp.

Parameters
Parameter:Description:
domain

The type of the process performing this action.

files_manage_isid_type_blk_files( domain )
Summary

Create, read, write, and delete block device nodes on new filesystems that have not yet been labeled.

Parameters
Parameter:Description:
domain

Domain allowed access.

files_manage_isid_type_chr_files( domain )
Summary

Create, read, write, and delete character device nodes on new filesystems that have not yet been labeled.

Parameters
Parameter:Description:
domain

Domain allowed access.

files_manage_isid_type_dirs( domain )
Summary

Create, read, write, and delete directories on new filesystems that have not yet been labeled.

Parameters
Parameter:Description:
domain

Domain allowed access.

files_manage_isid_type_files( domain )
Summary

Create, read, write, and delete files on new filesystems that have not yet been labeled.

Parameters
Parameter:Description:
domain

Domain allowed access.

files_manage_isid_type_symlinks( domain )
Summary

Create, read, write, and delete symbolic links on new filesystems that have not yet been labeled.

Parameters
Parameter:Description:
domain

Domain allowed access.

files_manage_kernel_modules( domain )
Summary

Create, read, write, and delete kernel module files.

Parameters
Parameter:Description:
domain

Domain allowed access.

files_manage_lost_found( domain )
Summary

Create, read, write, and delete objects in lost+found directories.

Parameters
Parameter:Description:
domain

Domain allowed access.

files_manage_mnt_dirs( domain )
Summary

Create, read, write, and delete directories in /mnt.

Parameters
Parameter:Description:
domain

Domain allowed access.

files_manage_mnt_files( domain )
Summary

Create, read, write, and delete files in /mnt.

Parameters
Parameter:Description:
domain

Domain allowed access.

files_manage_mnt_symlinks( domain )
Summary

Create, read, write, and delete symbolic links in /mnt.

Parameters
Parameter:Description:
domain

Domain allowed access.

files_manage_mounttab( domain )
Summary

Allow domain to manage mount tables necessary for rpcd, nfsd, etc.

Parameters
Parameter:Description:
domain

Domain allowed access.

files_manage_non_security_dirs( domain )
Summary

Allow attempts to manage non-security directories.

Parameters
Parameter:Description:
domain

Domain to allow.

files_manage_pid_dirs( domain )
Summary

Create directories under /var/run.

Parameters
Parameter:Description:
domain

Domain allowed access.

files_manage_urandom_seed( domain )
Summary

Create, read, write, and delete the pseudorandom number generator seed.

Parameters
Parameter:Description:
domain

Domain allowed access.

files_manage_usr_files( domain )
Summary

Create, read, write, and delete files in the /usr directory.

Parameters
Parameter:Description:
domain

Domain allowed access.

files_manage_var_dirs( domain )
Summary

Create, read, write, and delete directories in the /var directory.

Parameters
Parameter:Description:
domain

Domain allowed access.

files_manage_var_files( domain )
Summary

Create, read, write, and delete files in the /var directory.

Parameters
Parameter:Description:
domain

Domain allowed access.

files_manage_var_symlinks( domain )
Summary

Create, read, write, and delete symbolic links in the /var directory.

Parameters
Parameter:Description:
domain

Domain allowed access.

files_mount_all_file_type_fs( domain )
Summary

Mount all filesystems with the type of a file.

Parameters
Parameter:Description:
domain

Domain allowed access.

files_mounton_all_mountpoints( domain )
Summary

Mount a filesystem on all mount points.

Parameters
Parameter:Description:
domain

Domain allowed access.

files_mounton_all_poly_members( domain )
Summary

Mount filesystems on all polyinstantiation member directories.

Parameters
Parameter:Description:
domain

Domain allowed access.

files_mounton_default( domain )
Summary

Mount a filesystem on a directory with the default file type.

Parameters
Parameter:Description:
domain

Domain allowed access.

files_mounton_isid_type_dirs( domain )
Summary

Mount a filesystem on a directory on new filesystems that have not yet been labeled.

Parameters
Parameter:Description:
domain

Domain allowed access.

files_mounton_mnt( domain )
Summary

Mount a filesystem on /mnt.

Parameters
Parameter:Description:
domain

Domain allowed access.

files_mounton_non_security( domain )
Summary

Mount a filesystem on all non-security directories and files.

Parameters
Parameter:Description:
domain

Domain allowed access.

files_mountpoint( type )
Summary

Make the specified type usable for filesystem mount points.

Parameters
Parameter:Description:
type

Type to be used for mount points.

files_pid_file( type )
Summary

Make the specified type usable for runtime process ID files.

Parameters
Parameter:Description:
type

Type to be used for PID files.

files_pid_filetrans( domain , private type , object )
Summary

Create an object in the process ID directory, with a private type using a type transition.

Parameters
Parameter:Description:
domain

Domain allowed access.

private type

The type of the object to be created.

object

The object class of the object being created.

files_poly( file_type )
Summary

Make the specified type a polyinstantiated directory.

Parameters
Parameter:Description:
file_type

Type of the file to be used as a polyinstantiated directory.

files_poly_member( file_type )
Summary

Make the specified type a polyinstantiation member directory.

Parameters
Parameter:Description:
file_type

Type of the file to be used as a member directory.

files_poly_member_tmp( domain , file_type )
Summary

Make the domain use the specified type of polyinstantiated directory.

Parameters
Parameter:Description:
domain

Domain using the polyinstantiated directory.

file_type

Type of the file to be used as a member directory.

files_poly_parent( file_type )
Summary

Make the specified type a parent of a polyinstantiated directory.

Parameters
Parameter:Description:
file_type

Type of the file to be used as a parent directory.

files_polyinstantiate_all( domain )
Summary

Allow access to manage all polyinstantiated directories on the system.

Parameters
Parameter:Description:
domain

Domain allowed access.

files_purge_tmp( domain )
Summary

Delete the contents of /tmp.

Parameters
Parameter:Description:
domain

Domain allowed access.

files_read_all_blk_files( domain )
Summary

Read all block nodes with file types.

Parameters
Parameter:Description:
domain

Domain allowed access.

files_read_all_chr_files( domain )
Summary

Read all character nodes with file types.

Parameters
Parameter:Description:
domain

Domain allowed access.

files_read_all_dirs_except( domain , exception_types )
Summary

Read all directories on the filesystem, except the listed exceptions.

Parameters
Parameter:Description:
domain

The type of the domain performing this action.

exception_types

The types to be excluded. Each type or attribute must be negated by the caller.

files_read_all_files( domain )
Summary

Read all files.

Parameters
Parameter:Description:
domain

Domain allowed access.

files_read_all_files_except( domain , exception_types )
Summary

Read all files on the filesystem, except the listed exceptions.

Parameters
Parameter:Description:
domain

The type of the domain performing this action.

exception_types

The types to be excluded. Each type or attribute must be negated by the caller.

files_read_all_locks( domain )
Summary

Read all lock files.

Parameters
Parameter:Description:
domain

Domain allowed access.

files_read_all_pids( domain )
Summary

Read all process ID files.

Parameters
Parameter:Description:
domain

Domain allowed access.

files_read_all_symlinks( domain )
Summary

Read all symbolic links.

Parameters
Parameter:Description:
domain

Domain allowed access.

files_read_all_symlinks_except( domain , exception_types )
Summary

Read all symbolic links on the filesystem, except the listed exceptions.

Parameters
Parameter:Description:
domain

The type of the domain performing this action.

exception_types

The types to be excluded. Each type or attribute must be negated by the caller.

files_read_all_tmp_files( domain )
Summary

Read all tmp files.

Parameters
Parameter:Description:
domain

Domain allowed access.

files_read_default_files( domain )
Summary

Read files with the default file type.

Parameters
Parameter:Description:
domain

Domain allowed access.

files_read_default_pipes( domain )
Summary

Read named pipes with the default file type.

Parameters
Parameter:Description:
domain

Domain allowed access.

files_read_default_sockets( domain )
Summary

Read sockets with the default file type.

Parameters
Parameter:Description:
domain

Domain allowed access.

files_read_default_symlinks( domain )
Summary

Read symbolic links with the default file type.

Parameters
Parameter:Description:
domain

Domain allowed access.

files_read_etc_files( domain )
Summary

Read generic files in /etc.

Parameters
Parameter:Description:
domain

Domain allowed access.

files_read_etc_runtime_files( domain )
Summary

Read files in /etc that are dynamically created on boot, such as mtab.

Parameters
Parameter:Description:
domain

Domain allowed access.

files_read_etc_symlinks( domain )
Summary

Read symbolic links in /etc.

Parameters
Parameter:Description:
domain

Domain allowed access.

files_read_generic_pids( domain )
Summary

Read generic process ID files.

Parameters
Parameter:Description:
domain

Domain allowed access.

files_read_generic_spool( domain )
Summary

Read generic spool files.

Parameters
Parameter:Description:
domain

Domain allowed access.

files_read_generic_tmp_files( domain )
Summary

Read files in the tmp directory (/tmp).

Parameters
Parameter:Description:
domain

Domain allowed access.

files_read_generic_tmp_symlinks( domain )
Summary

Read symbolic links in the tmp directory (/tmp).

Parameters
Parameter:Description:
domain

Domain allowed access.

files_read_isid_type_files( domain )
Summary

Read files on new filesystems that have not yet been labeled.

Parameters
Parameter:Description:
domain

Domain allowed access.

files_read_kernel_img( domain )
Summary

Read kernel files in the /boot directory.

Parameters
Parameter:Description:
domain

Domain allowed access.

files_read_kernel_modules( domain )
Summary

Read kernel module files.

Parameters
Parameter:Description:
domain

Domain allowed access.

files_read_kernel_symbol_table( domain )
Summary

Read system.map in the /boot directory.

Parameters
Parameter:Description:
domain

Domain allowed access.

files_read_mnt_files( domain )
Summary

Read files in /mnt.

Parameters
Parameter:Description:
domain

Domain allowed access.

files_read_non_security_files( domain )
Summary

Read all non-security files.

Parameters
Parameter:Description:
domain

Domain allowed access.

files_read_usr_files( domain )
Summary

Read generic files in /usr.

Parameters
Parameter:Description:
domain

Domain allowed access.

files_read_usr_src_files( domain )
Summary

Read files in /usr/src.

Parameters
Parameter:Description:
domain

Domain allowed access.

files_read_usr_symlinks( domain )
Summary

Read symbolic links in /usr.

Parameters
Parameter:Description:
domain

Domain allowed access.

files_read_var_files( domain )
Summary

Read files in the /var directory.

Parameters
Parameter:Description:
domain

Domain allowed access.

files_read_var_lib_files( domain )
Summary

Read generic files in /var/lib.

Parameters
Parameter:Description:
domain

Domain allowed access.

files_read_var_lib_symlinks( domain )
Summary

Read generic symbolic links in /var/lib.

Parameters
Parameter:Description:
domain

Domain allowed access.

files_read_var_symlinks( domain )
Summary

Read symbolic links in the /var directory.

Parameters
Parameter:Description:
domain

Domain allowed access.

files_read_world_readable_files( domain )
Summary

Read world-readable files.

Parameters
Parameter:Description:
domain

Domain allowed access.

files_read_world_readable_pipes( domain )
Summary

Read world-readable named pipes.

Parameters
Parameter:Description:
domain

Domain allowed access.

files_read_world_readable_sockets( domain )
Summary

Read world-readable sockets.

Parameters
Parameter:Description:
domain

Domain allowed access.

files_read_world_readable_symlinks( domain )
Summary

Read world-readable symbolic links.

Parameters
Parameter:Description:
domain

Domain allowed access.

files_relabel_all_file_type_fs( domain )
Summary

Relabel a filesystem to the type of a file.

Parameters
Parameter:Description:
domain

Domain allowed access.

files_relabel_all_files( domain , exception_types )
Summary

Relabel all files on the filesystem, except the listed exceptions.

Parameters
Parameter:Description:
domain

The type of the domain performing this action.

exception_types

The types to be excluded. Each type or attribute must be negated by the caller.

files_relabel_config_dirs( domain )
Summary

Relabel configuration directories.

Parameters
Parameter:Description:
domain

Type of domain performing this action.

files_relabel_config_files( domain )
Summary

Relabel configuration files.

Parameters
Parameter:Description:
domain

Type of domain performing this action.

files_relabel_etc_files( domain )
Summary

Relabel from and to generic files in /etc.

Parameters
Parameter:Description:
domain

Domain allowed access.

files_relabel_kernel_modules( domain )
Summary

Relabel from and to kernel module files.

Parameters
Parameter:Description:
domain

Domain allowed access.

files_relabelfrom_boot_files( domain )
Summary

Relabel from files in the /boot directory.

Parameters
Parameter:Description:
domain

Domain allowed access.

files_relabelfrom_usr_files( domain )
Summary

Relabel a file from the type used in /usr.

Parameters
Parameter:Description:
domain

Domain allowed access.

files_relabelto_all_file_type_fs( domain )
Summary

Relabel a filesystem to the type of a file.

Parameters
Parameter:Description:
domain

Domain allowed access.

files_relabelto_usr_files( domain )
Summary

Relabel a file to the type used in /usr.

Parameters
Parameter:Description:
domain

Domain allowed access.

files_root_filetrans( domain , private type , object )
Summary

Create an object in the root directory, with a private type using a type transition.

Parameters
Parameter:Description:
domain

Domain allowed access.

private type

The type of the object to be created.

object

The object class of the object being created.

files_rw_all_files( domain , exception_types )
Summary

Read and write all files on the filesystem, except the listed exceptions.

Parameters
Parameter:Description:
domain

The type of the domain performing this action.

exception_types

The types to be excluded. Each type or attribute must be negated by the caller.

files_rw_boot_symlinks( domain )
Summary

Read and write symbolic links in the /boot directory.

Parameters
Parameter:Description:
domain

Domain allowed access.

files_rw_etc_dirs( domain )
Summary

Add and remove entries from /etc directories.

Parameters
Parameter:Description:
domain

Domain allowed access.

files_rw_etc_files( domain )
Summary

Read and write generic files in /etc.

Parameters
Parameter:Description:
domain

Domain allowed access.

files_rw_etc_runtime_files( domain )
Summary

Read and write files in /etc that are dynamically created on boot, such as mtab.

Parameters
Parameter:Description:
domain

Domain allowed access.

files_rw_generic_pids( domain )
Summary

Read and write generic process ID files.

Parameters
Parameter:Description:
domain

Domain allowed access.

files_rw_generic_tmp_sockets( domain )
Summary

Read and write generic named sockets in the tmp directory (/tmp).

Parameters
Parameter:Description:
domain

Domain allowed access.

files_rw_isid_type_blk_files( domain )
Summary

Read and write block device nodes on new filesystems that have not yet been labeled.

Parameters
Parameter:Description:
domain

Domain allowed access.

files_rw_isid_type_dirs( domain )
Summary

Read and write directories on new filesystems that have not yet been labeled.

Parameters
Parameter:Description:
domain

Domain allowed access.

files_rw_lock_dirs( domain )
Summary

Add and remove entries in the /var/lock directories.

Parameters
Parameter:Description:
domain

Domain allowed access.

files_rw_usr_dirs( domain )
Summary

Add and remove entries from /usr directories.

Parameters
Parameter:Description:
domain

Domain allowed access.

files_rw_var_files( domain )
Summary

Read and write files in the /var directory.

Parameters
Parameter:Description:
domain

Domain allowed access.

files_rw_var_lib_dirs( domain )
Summary

Read and write /var/lib directories.

Parameters
Parameter:Description:
domain

Domain allowed access.

files_search_all( domain )
Summary

Search the contents of all directories on extended attribute filesystems.

Parameters
Parameter:Description:
domain

Domain allowed access.

files_search_all_mountpoints( domain )
Summary

Search all mount points.

Parameters
Parameter:Description:
domain

Domain allowed access.

files_search_boot( domain )
Summary

Search the /boot directory.

Parameters
Parameter:Description:
domain

Domain allowed access.

files_search_default( domain )
Summary

Search the contents of directories with the default file type.

Parameters
Parameter:Description:
domain

Domain allowed access.

files_search_etc( domain )
Summary

Search the contents of /etc directories.

Parameters
Parameter:Description:
domain

Domain allowed access.

files_search_home( domain )
Summary

Search home directories root (/home).

Parameters
Parameter:Description:
domain

Domain allowed access.

files_search_kernel_modules( domain )
Summary

Search the contents of the kernel module directories.

Parameters
Parameter:Description:
domain

Domain allowed access.

files_search_locks( domain )
Summary

Search the locks directory (/var/lock).

Parameters
Parameter:Description:
domain

Domain allowed access.

files_search_mnt( domain )
Summary

Search the contents of /mnt.

Parameters
Parameter:Description:
domain

Domain allowed access.

files_search_pids( domain )
Summary

Search the contents of runtime process ID directories (/var/run).

Parameters
Parameter:Description:
domain

Domain allowed access.

files_search_spool( domain )
Summary

Search the contents of generic spool directories (/var/spool).

Parameters
Parameter:Description:
domain

Domain allowed access.

files_search_tmp( domain )
Summary

Search the tmp directory (/tmp).

Parameters
Parameter:Description:
domain

Domain allowed access.

files_search_usr( domain )
Summary

Search the content of /etc.

Parameters
Parameter:Description:
domain

Domain allowed access.

files_search_var( domain )
Summary

Search the contents of /var.

Parameters
Parameter:Description:
domain

Domain allowed access.

files_search_var_lib( domain )
Summary

Search the /var/lib directory.

Parameters
Parameter:Description:
domain

Domain allowed access.

files_security_file( file_type )
Summary

Make the specified type a file that should not be dontaudited from browsing from user domains.

Parameters
Parameter:Description:
file_type

Type of the file to be used as a member directory.

files_security_mountpoint( type )
Summary

Make the specified type usable for security file filesystem mount points.

Parameters
Parameter:Description:
type

Type to be used for mount points.

files_setattr_all_tmp_dirs( domain )
Summary

Set the attributes of all tmp directories.

Parameters
Parameter:Description:
domain

Domain allowed access.

files_setattr_etc_dirs( domain )
Summary

Set the attributes of the /etc directories.

Parameters
Parameter:Description:
domain

Domain allowed access.

files_spool_filetrans( domain , file , class )
Summary

Create objects in the spool directory with a private type with a type transition.

Parameters
Parameter:Description:
domain

Domain allowed access.

file

Type to which the created node will be transitioned.

class

Object class(es) (single or set including {}) for which this transition will occur.

files_tmp_file( file_type )
Summary

Make the specified type a file used for temporary files.

Parameters
Parameter:Description:
file_type

Type of the file to be used as a temporary file.

files_tmp_filetrans( domain , private type , object )
Summary

Create an object in the tmp directories, with a private type using a type transition.

Parameters
Parameter:Description:
domain

Domain allowed access.

private type

The type of the object to be created.

object

The object class of the object being created.

files_tmpfs_file( type )
Summary

Transform the type into a file, for use on a virtual memory filesystem (tmpfs).

Parameters
Parameter:Description:
type

The type to be transformed.

files_type( type )
Summary

Make the specified type usable for files in a filesystem.

Parameters
Parameter:Description:
type

Type to be used for files.

files_unconfined( domain )
Summary

Unconfined access to files.

Parameters
Parameter:Description:
domain

Domain allowed access.

files_unmount_all_file_type_fs( domain )
Summary

Unmount all filesystems with the type of a file.

Parameters
Parameter:Description:
domain

Domain allowed access.

files_unmount_rootfs( domain )
Summary

Unmount a rootfs filesystem.

Parameters
Parameter:Description:
domain

Domain allowed access.

files_usr_filetrans( domain , file_type , object_class )
Summary

Create objects in the /usr directory.

Parameters
Parameter:Description:
domain

Domain allowed access.

file_type

The type of the object to be created.

object_class

The object class.

files_var_filetrans( domain , file_type , object_class )
Summary

Create objects in the /var directory.

Parameters
Parameter:Description:
domain

Domain allowed access.

file_type

The type of the object to be created.

object_class

The object class.

files_var_lib_filetrans( domain , file_type , object_class )
Summary

Create objects in the /var/lib directory.

Parameters
Parameter:Description:
domain

Domain allowed access.

file_type

The type of the object to be created.

object_class

The object class.

files_write_kernel_modules( domain )
Summary

Write kernel module files.

Parameters
Parameter:Description:
domain

Domain allowed access.

files_write_non_security_dirs( domain )
Summary

Allow attempts to modify any directory.

Parameters
Parameter:Description:
domain

Domain to allow.

files_write_var_dirs( domain )
Summary

Allow attempts to write to /var.dirs

Parameters
Parameter:Description:
domain

Domain to not audit.
