<html> <head> <title> Security Enhanced Linux Reference Policy </title> <style type="text/css" media="all">@import "style.css";</style> </head> <body> <div id="Header">Security Enhanced Linux Reference Policy</div> <div id="Content"> <a name="top"></a> <h1>Layer: system</h1><p/> <h2>Module: unconfined</h2><p/> <h3>Description:</h3> <p>The unconfined domain.</p> <a name="interfaces"></a> <h3>Interfaces: </h3> <a name="link_unconfined_alias_domain"></a> <div id="interface"> <div id="codeblock"> <b>unconfined_alias_domain</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Add an alias type to the unconfined domain. </p> <h5>Description</h5> <p> </p><p> Add an alias type to the unconfined domain. </p><p> </p><p> This is added to support targeted policy. Its use should be limited. It has no effect on the strict policy. </p><p> </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="80%"> <tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr> <tr><td> domain </td><td> <p> New alias of the unconfined domain. </p> </td><td> No </td></tr> </table> </div> </div> <a name="link_unconfined_create_keys"></a> <div id="interface"> <div id="codeblock"> <b>unconfined_create_keys</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Create keys for the unconfined domain. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="80%"> <tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr> <tr><td> domain </td><td> <p> Domain allowed access. 
</p> </td><td> No </td></tr> </table> </div> </div> <a name="link_unconfined_dbus_chat"></a> <div id="interface"> <div id="codeblock"> <b>unconfined_dbus_chat</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Send and receive messages from unconfined_t over dbus. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="80%"> <tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td><td> No </td></tr> </table> </div> </div> <a name="link_unconfined_dbus_connect"></a> <div id="interface"> <div id="codeblock"> <b>unconfined_dbus_connect</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Connect to the unconfined DBUS for service (acquire_svc). </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="80%"> <tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td><td> No </td></tr> </table> </div> </div> <a name="link_unconfined_dbus_send"></a> <div id="interface"> <div id="codeblock"> <b>unconfined_dbus_send</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Send messages to the unconfined domain over dbus. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="80%"> <tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td><td> No </td></tr> </table> </div> </div> <a name="link_unconfined_dgram_send"></a> <div id="interface"> <div id="codeblock"> <b>unconfined_dgram_send</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Send a message to unconfined over a unix domain datagram socket. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="80%"> <tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr> <tr><td> domain </td><td> <p> Domain allowed access. 
</p> </td><td> No </td></tr> </table> </div> </div> <a name="link_unconfined_domain"></a> <div id="interface"> <div id="codeblock"> <b>unconfined_domain</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Make the specified domain unconfined and audit executable memory and executable heap usage. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="80%"> <tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr> <tr><td> domain </td><td> <p> Domain to make unconfined. </p> </td><td> No </td></tr> </table> </div> </div> <a name="link_unconfined_domain_noaudit"></a> <div id="interface"> <div id="codeblock"> <b>unconfined_domain_noaudit</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Make the specified domain unconfined. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="80%"> <tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr> <tr><td> domain </td><td> <p> Domain to make unconfined. </p> </td><td> No </td></tr> </table> </div> </div> <a name="link_unconfined_domtrans"></a> <div id="interface"> <div id="codeblock"> <b>unconfined_domtrans</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Transition to the unconfined domain. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="80%"> <tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td><td> No </td></tr> </table> </div> </div> <a name="link_unconfined_domtrans_to"></a> <div id="interface"> <div id="codeblock"> <b>unconfined_domtrans_to</b>( domain , entry_file )<br> </div> <div id="description"> <h5>Summary</h5> <p> Allow unconfined to execute the specified program in the specified domain. </p> <h5>Description</h5> <p> </p><p> Allow unconfined to execute the specified program in the specified domain. 
</p><p> </p><p> This is an interface to support third-party modules, and its use is not allowed in the upstream reference policy. </p><p> </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="80%"> <tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr> <tr><td> domain </td><td> <p> Domain to execute in. </p> </td><td> No </td></tr> <tr><td> entry_file </td><td> <p> Domain entry point file. </p> </td><td> No </td></tr> </table> </div> </div> <a name="link_unconfined_dontaudit_read_pipes"></a> <div id="interface"> <div id="codeblock"> <b>unconfined_dontaudit_read_pipes</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Do not audit attempts to read unconfined domain unnamed pipes. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="80%"> <tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td><td> No </td></tr> </table> </div> </div> <a name="link_unconfined_dontaudit_rw_pipes"></a> <div id="interface"> <div id="codeblock"> <b>unconfined_dontaudit_rw_pipes</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Do not audit attempts to read and write unconfined domain unnamed pipes. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="80%"> <tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td><td> No </td></tr> </table> </div> </div> <a name="link_unconfined_dontaudit_rw_stream"></a> <div id="interface"> <div id="codeblock"> <b>unconfined_dontaudit_rw_stream</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Do not audit attempts to read and write unconfined domain stream. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="80%"> <tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr> <tr><td> domain </td><td> <p> Domain to not audit. 
</p> </td><td> No </td></tr> </table> </div> </div> <a name="link_unconfined_dontaudit_rw_tcp_sockets"></a> <div id="interface"> <div id="codeblock"> <b>unconfined_dontaudit_rw_tcp_sockets</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Do not audit attempts to read or write unconfined domain tcp sockets. </p> <h5>Description</h5> <p> </p><p> Do not audit attempts to read or write unconfined domain tcp sockets. </p><p> </p><p> This interface was added due to a broken symptom in ldconfig. </p><p> </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="80%"> <tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr> <tr><td> domain </td><td> <p> Domain to not audit. </p> </td><td> No </td></tr> </table> </div> </div> <a name="link_unconfined_execmem_alias_program"></a> <div id="interface"> <div id="codeblock"> <b>unconfined_execmem_alias_program</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Add an alias type to the unconfined execmem program file type. </p> <h5>Description</h5> <p> </p><p> Add an alias type to the unconfined execmem program file type. </p><p> </p><p> This is added to support targeted policy. Its use should be limited. It has no effect on the strict policy. </p><p> </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="80%"> <tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr> <tr><td> domain </td><td> <p> New alias of the unconfined execmem program type. </p> </td><td> No </td></tr> </table> </div> </div> <a name="link_unconfined_execmem_signal"></a> <div id="interface"> <div id="codeblock"> <b>unconfined_execmem_signal</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Send a signal to the unconfined execmem domain. 
</p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="80%"> <tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td><td> No </td></tr> </table> </div> </div> <a name="link_unconfined_execmem_signull"></a> <div id="interface"> <div id="codeblock"> <b>unconfined_execmem_signull</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Send a SIGNULL signal to the unconfined execmem domain. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="80%"> <tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td><td> No </td></tr> </table> </div> </div> <a name="link_unconfined_manage_semaphores"></a> <div id="interface"> <div id="codeblock"> <b>unconfined_manage_semaphores</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Manage unconfined user SysV semaphores. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="80%"> <tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td><td> No </td></tr> </table> </div> </div> <a name="link_unconfined_manage_shared_mem"></a> <div id="interface"> <div id="codeblock"> <b>unconfined_manage_shared_mem</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Manage unconfined user SysV shared memory segments. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="80%"> <tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td><td> No </td></tr> </table> </div> </div> <a name="link_unconfined_read_pipes"></a> <div id="interface"> <div id="codeblock"> <b>unconfined_read_pipes</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Read unconfined domain unnamed pipes. 
</p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="80%"> <tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td><td> No </td></tr> </table> </div> </div> <a name="link_unconfined_run"></a> <div id="interface"> <div id="codeblock"> <b>unconfined_run</b>( domain , role , terminal )<br> </div> <div id="description"> <h5>Summary</h5> <p> Execute specified programs in the unconfined domain. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="80%"> <tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr> <tr><td> domain </td><td> <p> The type of the process performing this action. </p> </td><td> No </td></tr> <tr><td> role </td><td> <p> The role to allow the unconfined domain. </p> </td><td> No </td></tr> <tr><td> terminal </td><td> <p> The type of the terminal to allow the unconfined domain to use. </p> </td><td> No </td></tr> </table> </div> </div> <a name="link_unconfined_rw_pipes"></a> <div id="interface"> <div id="codeblock"> <b>unconfined_rw_pipes</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Read and write unconfined domain unnamed pipes. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="80%"> <tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td><td> No </td></tr> </table> </div> </div> <a name="link_unconfined_rw_semaphores"></a> <div id="interface"> <div id="codeblock"> <b>unconfined_rw_semaphores</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Read and write unconfined user SysV semaphores. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="80%"> <tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr> <tr><td> domain </td><td> <p> Domain allowed access. 
</p> </td><td> No </td></tr> </table> </div> </div> <a name="link_unconfined_rw_shared_mem"></a> <div id="interface"> <div id="codeblock"> <b>unconfined_rw_shared_mem</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Read and write unconfined user SysV shared memory segments. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="80%"> <tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td><td> No </td></tr> </table> </div> </div> <a name="link_unconfined_set_rlimitnh"></a> <div id="interface"> <div id="codeblock"> <b>unconfined_set_rlimitnh</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Allow apps to set rlimits on userdomain </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="80%"> <tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td><td> No </td></tr> </table> </div> </div> <a name="link_unconfined_shell_domtrans"></a> <div id="interface"> <div id="codeblock"> <b>unconfined_shell_domtrans</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Transition to the unconfined domain by executing a shell. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="80%"> <tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td><td> No </td></tr> </table> </div> </div> <a name="link_unconfined_sigchld"></a> <div id="interface"> <div id="codeblock"> <b>unconfined_sigchld</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Send a SIGCHLD signal to the unconfined domain. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="80%"> <tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr> <tr><td> domain </td><td> <p> Domain allowed access. 
</p> </td><td> No </td></tr> </table> </div> </div> <a name="link_unconfined_signal"></a> <div id="interface"> <div id="codeblock"> <b>unconfined_signal</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Send generic signals to the unconfined domain. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="80%"> <tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td><td> No </td></tr> </table> </div> </div> <a name="link_unconfined_signull"></a> <div id="interface"> <div id="codeblock"> <b>unconfined_signull</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Send a SIGNULL signal to the unconfined domain. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="80%"> <tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td><td> No </td></tr> </table> </div> </div> <a name="link_unconfined_stream_connect"></a> <div id="interface"> <div id="codeblock"> <b>unconfined_stream_connect</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Connect to the unconfined domain using a unix domain stream socket. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="80%"> <tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td><td> No </td></tr> </table> </div> </div> <a name="link_unconfined_use_fds"></a> <div id="interface"> <div id="codeblock"> <b>unconfined_use_fds</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Inherit file descriptors from the unconfined domain. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="80%"> <tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr> <tr><td> domain </td><td> <p> Domain allowed access. 
</p> </td><td> No </td></tr> </table> </div> </div> <a href=#top>Return</a> </div> </body> </html>