
selinux-policy-doc-3.7.19-101.fc13.noarch.rpm

<html>
<head>
<title>
 Security Enhanced Linux Reference Policy
 </title>
<style type="text/css" media="all">@import "style.css";</style>
</head>
<body>
<div id="Header">Security Enhanced Linux Reference Policy</div>

<div id="Content">
<a name="top"></a>
<h1>Layer: kernel</h1><p/>
<h2>Module: kernel</h2><p/>



<a href=#interfaces>Interfaces</a>


<h3>Description:</h3>

<p>
Policy for kernel threads, proc filesystem,
and unlabeled processes and objects.
</p>


<p>This module is required to be included in all policies.</p>

<hr>



<a name="interfaces"></a>
<h3>Interfaces: </h3>

<a name="link_kernel_change_ring_buffer_level"></a>
<div id="interface">


<div id="codeblock">

<b>kernel_change_ring_buffer_level</b>(
	
		
		
		
		domain
		
	
	)<br>
</div>
<div id="description">

<h5>Summary</h5>
<p>
Change the level of kernel messages logged to the console.
</p>


<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="65%">
<tr><th >Parameter:</th><th >Description:</th></tr>

<tr><td>
domain
</td><td>
<p>
Domain allowed access.
</p>
</td></tr>

</table>
</div>
</div>

<a name="link_kernel_clear_ring_buffer"></a>
<div id="interface">


<div id="codeblock">

<b>kernel_clear_ring_buffer</b>(
	
		
		
		
		domain
		
	
	)<br>
</div>
<div id="description">

<h5>Summary</h5>
<p>
Allows the caller to clear the ring buffer.
</p>


<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="65%">
<tr><th >Parameter:</th><th >Description:</th></tr>

<tr><td>
domain
</td><td>
<p>
The process type clearing the buffer.
</p>
</td></tr>

</table>
</div>
</div>

<a name="link_kernel_dgram_send"></a>
<div id="interface">


<div id="codeblock">

<b>kernel_dgram_send</b>(
	
		
		
		
		domain
		
	
	)<br>
</div>
<div id="description">

<h5>Summary</h5>
<p>
Send messages to kernel unix datagram sockets.
</p>


<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="65%">
<tr><th >Parameter:</th><th >Description:</th></tr>

<tr><td>
domain
</td><td>
<p>
Domain allowed access.
</p>
</td></tr>

</table>
</div>
</div>

<a name="link_kernel_domtrans_to"></a>
<div id="interface">


<div id="codeblock">

<b>kernel_domtrans_to</b>(
	
		
		
		
		domain
		
	
		
			,
		
		
		
		entrypoint
		
	
	)<br>
</div>
<div id="description">

<h5>Summary</h5>
<p>
Allow the kernel to start userland processes
by transitioning to the specified domain.
</p>


<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="65%">
<tr><th >Parameter:</th><th >Description:</th></tr>

<tr><td>
domain
</td><td>
<p>
The process type entered by kernel.
</p>
</td></tr>

<tr><td>
entrypoint
</td><td>
<p>
The executable type for the entrypoint.
</p>
</td></tr>

</table>
</div>
</div>

<a name="link_kernel_dontaudit_getattr_core_if"></a>
<div id="interface">


<div id="codeblock">

<b>kernel_dontaudit_getattr_core_if</b>(
	
		
		
		
		domain
		
	
	)<br>
</div>
<div id="description">

<h5>Summary</h5>
<p>
Do not audit attempts to get the attributes of
core kernel interfaces.
</p>


<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="65%">
<tr><th >Parameter:</th><th >Description:</th></tr>

<tr><td>
domain
</td><td>
<p>
The process type to not audit.
</p>
</td></tr>

</table>
</div>
</div>

<a name="link_kernel_dontaudit_getattr_message_if"></a>
<div id="interface">


<div id="codeblock">

<b>kernel_dontaudit_getattr_message_if</b>(
	
		
		
		
		domain
		
	
	)<br>
</div>
<div id="description">

<h5>Summary</h5>
<p>
Do not audit attempts by caller to get the attributes of kernel
message interfaces.
</p>


<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="65%">
<tr><th >Parameter:</th><th >Description:</th></tr>

<tr><td>
domain
</td><td>
<p>
The process type not to audit.
</p>
</td></tr>

</table>
</div>
</div>

<a name="link_kernel_dontaudit_getattr_unlabeled_blk_files"></a>
<div id="interface">


<div id="codeblock">

<b>kernel_dontaudit_getattr_unlabeled_blk_files</b>(
	
		
		
		
		domain
		
	
	)<br>
</div>
<div id="description">

<h5>Summary</h5>
<p>
Do not audit attempts by caller to get attributes for
unlabeled block devices.
</p>


<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="65%">
<tr><th >Parameter:</th><th >Description:</th></tr>

<tr><td>
domain
</td><td>
<p>
The process type not to audit.
</p>
</td></tr>

</table>
</div>
</div>

<a name="link_kernel_dontaudit_getattr_unlabeled_chr_files"></a>
<div id="interface">


<div id="codeblock">

<b>kernel_dontaudit_getattr_unlabeled_chr_files</b>(
	
		
		
		
		domain
		
	
	)<br>
</div>
<div id="description">

<h5>Summary</h5>
<p>
Do not audit attempts by caller to get attributes for
unlabeled character devices.
</p>


<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="65%">
<tr><th >Parameter:</th><th >Description:</th></tr>

<tr><td>
domain
</td><td>
<p>
The process type not to audit.
</p>
</td></tr>

</table>
</div>
</div>

<a name="link_kernel_dontaudit_getattr_unlabeled_files"></a>
<div id="interface">


<div id="codeblock">

<b>kernel_dontaudit_getattr_unlabeled_files</b>(
	
		
		
		
		domain
		
	
	)<br>
</div>
<div id="description">

<h5>Summary</h5>
<p>
Do not audit attempts by caller to get the
attributes of an unlabeled file.
</p>


<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="65%">
<tr><th >Parameter:</th><th >Description:</th></tr>

<tr><td>
domain
</td><td>
<p>
The process type not to audit.
</p>
</td></tr>

</table>
</div>
</div>

<a name="link_kernel_dontaudit_getattr_unlabeled_pipes"></a>
<div id="interface">


<div id="codeblock">

<b>kernel_dontaudit_getattr_unlabeled_pipes</b>(
	
		
		
		
		domain
		
	
	)<br>
</div>
<div id="description">

<h5>Summary</h5>
<p>
Do not audit attempts by caller to get the
attributes of unlabeled named pipes.
</p>


<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="65%">
<tr><th >Parameter:</th><th >Description:</th></tr>

<tr><td>
domain
</td><td>
<p>
The process type not to audit.
</p>
</td></tr>

</table>
</div>
</div>

<a name="link_kernel_dontaudit_getattr_unlabeled_sockets"></a>
<div id="interface">


<div id="codeblock">

<b>kernel_dontaudit_getattr_unlabeled_sockets</b>(
	
		
		
		
		domain
		
	
	)<br>
</div>
<div id="description">

<h5>Summary</h5>
<p>
Do not audit attempts by caller to get the
attributes of unlabeled named sockets.
</p>


<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="65%">
<tr><th >Parameter:</th><th >Description:</th></tr>

<tr><td>
domain
</td><td>
<p>
The process type not to audit.
</p>
</td></tr>

</table>
</div>
</div>

<a name="link_kernel_dontaudit_getattr_unlabeled_symlinks"></a>
<div id="interface">


<div id="codeblock">

<b>kernel_dontaudit_getattr_unlabeled_symlinks</b>(
	
		
		
		
		domain
		
	
	)<br>
</div>
<div id="description">

<h5>Summary</h5>
<p>
Do not audit attempts by caller to get the
attributes of unlabeled symbolic links.
</p>


<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="65%">
<tr><th >Parameter:</th><th >Description:</th></tr>

<tr><td>
domain
</td><td>
<p>
The process type not to audit.
</p>
</td></tr>

</table>
</div>
</div>

<a name="link_kernel_dontaudit_link_key"></a>
<div id="interface">


<div id="codeblock">

<b>kernel_dontaudit_link_key</b>(
	
		
		
		
		domain
		
	
	)<br>
</div>
<div id="description">

<h5>Summary</h5>
<p>
Do not audit attempts to link to the kernel key ring.
</p>


<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="65%">
<tr><th >Parameter:</th><th >Description:</th></tr>

<tr><td>
domain
</td><td>
<p>
Domain to not audit.
</p>
</td></tr>

</table>
</div>
</div>

<a name="link_kernel_dontaudit_list_all_proc"></a>
<div id="interface">


<div id="codeblock">

<b>kernel_dontaudit_list_all_proc</b>(
	
		
		
		
		domain
		
	
	)<br>
</div>
<div id="description">

<h5>Summary</h5>
<p>
Do not audit attempts to list all proc directories.
</p>


<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="65%">
<tr><th >Parameter:</th><th >Description:</th></tr>

<tr><td>
domain
</td><td>
<p>
Domain to not audit.
</p>
</td></tr>

</table>
</div>
</div>

<a name="link_kernel_dontaudit_list_all_sysctls"></a>
<div id="interface">


<div id="codeblock">

<b>kernel_dontaudit_list_all_sysctls</b>(
	
		
		
		
		domain
		
	
	)<br>
</div>
<div id="description">

<h5>Summary</h5>
<p>
Do not audit attempts to list all sysctl directories.
</p>


<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="65%">
<tr><th >Parameter:</th><th >Description:</th></tr>

<tr><td>
domain
</td><td>
<p>
Domain to not audit.
</p>
</td></tr>

</table>
</div>
</div>

<a name="link_kernel_dontaudit_list_proc"></a>
<div id="interface">


<div id="codeblock">

<b>kernel_dontaudit_list_proc</b>(
	
		
		
		
		domain
		
	
	)<br>
</div>
<div id="description">

<h5>Summary</h5>
<p>
Do not audit attempts to list the
contents of directories in /proc.
</p>


<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="65%">
<tr><th >Parameter:</th><th >Description:</th></tr>

<tr><td>
domain
</td><td>
<p>
Domain to not audit.
</p>
</td></tr>

</table>
</div>
</div>

<a name="link_kernel_dontaudit_list_unlabeled"></a>
<div id="interface">


<div id="codeblock">

<b>kernel_dontaudit_list_unlabeled</b>(
	
		
		
		
		domain
		
	
	)<br>
</div>
<div id="description">

<h5>Summary</h5>
<p>
Do not audit attempts to list unlabeled directories.
</p>


<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="65%">
<tr><th >Parameter:</th><th >Description:</th></tr>

<tr><td>
domain
</td><td>
<p>
Domain to not audit.
</p>
</td></tr>

</table>
</div>
</div>

<a name="link_kernel_dontaudit_raw_recvfrom_unlabeled"></a>
<div id="interface">


<div id="codeblock">

<b>kernel_dontaudit_raw_recvfrom_unlabeled</b>(
	
		
		
		
		domain
		
	
	)<br>
</div>
<div id="description">

<h5>Summary</h5>
<p>
Do not audit attempts to receive Raw IP packets from an unlabeled
connection.
</p>


<h5>Description</h5>
<p>
</p><p>
Do not audit attempts to receive Raw IP packets from an unlabeled
connection.
</p><p>
</p><p>
The corenetwork interface corenet_dontaudit_raw_recv_unlabeled()
should be used instead of this one.
</p><p>
</p>

<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="65%">
<tr><th >Parameter:</th><th >Description:</th></tr>

<tr><td>
domain
</td><td>
<p>
Domain to not audit.
</p>
</td></tr>

</table>
</div>
</div>

<a name="link_kernel_dontaudit_read_proc_symlinks"></a>
<div id="interface">


<div id="codeblock">

<b>kernel_dontaudit_read_proc_symlinks</b>(
	
		
		
		
		domain
		
	
	)<br>
</div>
<div id="description">

<h5>Summary</h5>
<p>
Do not audit attempts by caller to
read system state information in proc.
</p>


<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="65%">
<tr><th >Parameter:</th><th >Description:</th></tr>

<tr><td>
domain
</td><td>
<p>
The process type not to audit.
</p>
</td></tr>

</table>
</div>
</div>

<a name="link_kernel_dontaudit_read_ring_buffer"></a>
<div id="interface">


<div id="codeblock">

<b>kernel_dontaudit_read_ring_buffer</b>(
	
		
		
		
		domain
		
	
	)<br>
</div>
<div id="description">

<h5>Summary</h5>
<p>
Do not audit attempts to read the ring buffer.
</p>


<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="65%">
<tr><th >Parameter:</th><th >Description:</th></tr>

<tr><td>
domain
</td><td>
<p>
The domain to not audit.
</p>
</td></tr>

</table>
</div>
</div>

<a name="link_kernel_dontaudit_read_system_state"></a>
<div id="interface">


<div id="codeblock">

<b>kernel_dontaudit_read_system_state</b>(
	
		
		
		
		domain
		
	
	)<br>
</div>
<div id="description">

<h5>Summary</h5>
<p>
Do not audit attempts by caller to
read system state information in proc.
</p>


<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="65%">
<tr><th >Parameter:</th><th >Description:</th></tr>

<tr><td>
domain
</td><td>
<p>
The process type not to audit.
</p>
</td></tr>

</table>
</div>
</div>

<a name="link_kernel_dontaudit_read_unlabeled_files"></a>
<div id="interface">


<div id="codeblock">

<b>kernel_dontaudit_read_unlabeled_files</b>(
	
		
		
		
		domain
		
	
	)<br>
</div>
<div id="description">

<h5>Summary</h5>
<p>
Do not audit attempts by caller to
read an unlabeled file.
</p>


<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="65%">
<tr><th >Parameter:</th><th >Description:</th></tr>

<tr><td>
domain
</td><td>
<p>
Domain to not audit.
</p>
</td></tr>

</table>
</div>
</div>

<a name="link_kernel_dontaudit_recvfrom_unlabeled_peer"></a>
<div id="interface">


<div id="codeblock">

<b>kernel_dontaudit_recvfrom_unlabeled_peer</b>(
	
		
		
		
		domain
		
	
	)<br>
</div>
<div id="description">

<h5>Summary</h5>
<p>
Do not audit attempts to receive packets from an unlabeled peer.
</p>


<h5>Description</h5>
<p>
</p><p>
Do not audit attempts to receive packets from an unlabeled peer,
these packets do not have any peer labeling information present.
</p><p>
</p><p>
The corenetwork interface corenet_dontaudit_*_recvfrom_unlabeled()
should be used instead of this one.
</p><p>
</p>

<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="65%">
<tr><th >Parameter:</th><th >Description:</th></tr>

<tr><td>
domain
</td><td>
<p>
Domain to not audit.
</p>
</td></tr>

</table>
</div>
</div>

<a name="link_kernel_dontaudit_request_load_module"></a>
<div id="interface">


<div id="codeblock">

<b>kernel_dontaudit_request_load_module</b>(
	
		
		
		
		domain
		
	
	)<br>
</div>
<div id="description">

<h5>Summary</h5>
<p>
Do not audit attempts by the caller to request that the kernel load a module.
</p>


<h5>Description</h5>
<p>
</p><p>
Do not audit attempts by the specified domain to request
that the kernel load a kernel module.  This only suppresses
the audit message; it does not grant the access.  An example
of such a request is the auto-loading of network drivers
when doing an ioctl() on a network interface.
</p><p>
</p><p>
In the specific case of a module loading request
on a network interface, the domain will also
need the net_admin capability.
</p><p>
</p>

<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="65%">
<tr><th >Parameter:</th><th >Description:</th></tr>

<tr><td>
domain
</td><td>
<p>
Domain to not audit.
</p>
</td></tr>

</table>
</div>
</div>

<a name="link_kernel_dontaudit_search_debugfs"></a>
<div id="interface">


<div id="codeblock">

<b>kernel_dontaudit_search_debugfs</b>(
	
		
		
		
		domain
		
	
	)<br>
</div>
<div id="description">

<h5>Summary</h5>
<p>
Do not audit attempts to search the kernel debugging filesystem.
</p>


<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="65%">
<tr><th >Parameter:</th><th >Description:</th></tr>

<tr><td>
domain
</td><td>
<p>
Domain to not audit.
</p>
</td></tr>

</table>
</div>
</div>

<a name="link_kernel_dontaudit_search_kernel_sysctl"></a>
<div id="interface">


<div id="codeblock">

<b>kernel_dontaudit_search_kernel_sysctl</b>(
	
		
		
		
		domain
		
	
	)<br>
</div>
<div id="description">

<h5>Summary</h5>
<p>
Do not audit attempts to search generic kernel sysctls.
</p>


<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="65%">
<tr><th >Parameter:</th><th >Description:</th></tr>

<tr><td>
domain
</td><td>
<p>
Domain to not audit.
</p>
</td></tr>

</table>
</div>
</div>

<a name="link_kernel_dontaudit_search_key"></a>
<div id="interface">


<div id="codeblock">

<b>kernel_dontaudit_search_key</b>(
	
		
		
		
		domain
		
	
	)<br>
</div>
<div id="description">

<h5>Summary</h5>
<p>
Do not audit attempts to search the kernel key ring.
</p>


<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="65%">
<tr><th >Parameter:</th><th >Description:</th></tr>

<tr><td>
domain
</td><td>
<p>
Domain to not audit.
</p>
</td></tr>

</table>
</div>
</div>

<a name="link_kernel_dontaudit_search_network_state"></a>
<div id="interface">


<div id="codeblock">

<b>kernel_dontaudit_search_network_state</b>(
	
		
		
		
		domain
		
	
	)<br>
</div>
<div id="description">

<h5>Summary</h5>
<p>
Do not audit attempts to search the network
state directory.
</p>


<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="65%">
<tr><th >Parameter:</th><th >Description:</th></tr>

<tr><td>
domain
</td><td>
<p>
The process type reading the state.
</p>
</td></tr>

</table>
</div>
</div>

<a name="link_kernel_dontaudit_search_network_sysctl"></a>
<div id="interface">


<div id="codeblock">

<b>kernel_dontaudit_search_network_sysctl</b>(
	
		
		
		
		domain
		
	
	)<br>
</div>
<div id="description">

<h5>Summary</h5>
<p>
Do not audit attempts by caller to search network sysctl directories.
</p>


<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="65%">
<tr><th >Parameter:</th><th >Description:</th></tr>

<tr><td>
domain
</td><td>
<p>
The process type not to audit.
</p>
</td></tr>

</table>
</div>
</div>

<a name="link_kernel_dontaudit_search_sysctl"></a>
<div id="interface">


<div id="codeblock">

<b>kernel_dontaudit_search_sysctl</b>(
	
		
		
		
		domain
		
	
	)<br>
</div>
<div id="description">

<h5>Summary</h5>
<p>
Do not audit attempts by caller to search
the base directory of sysctls.
</p>


<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="65%">
<tr><th >Parameter:</th><th >Description:</th></tr>

<tr><td>
domain
</td><td>
<p>
The process type not to audit.
</p>
</td></tr>

</table>
</div>
</div>

<a name="link_kernel_dontaudit_search_xen_state"></a>
<div id="interface">


<div id="codeblock">

<b>kernel_dontaudit_search_xen_state</b>(
	
		
		
		
		domain
		
	
	)<br>
</div>
<div id="description">

<h5>Summary</h5>
<p>
Do not audit attempts to search the xen
state directory.
</p>


<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="65%">
<tr><th >Parameter:</th><th >Description:</th></tr>

<tr><td>
domain
</td><td>
<p>
The process type reading the state.
</p>
</td></tr>

</table>
</div>
</div>

<a name="link_kernel_dontaudit_sendrecv_unlabeled_association"></a>
<div id="interface">


<div id="codeblock">

<b>kernel_dontaudit_sendrecv_unlabeled_association</b>(
	
		
		
		
		domain
		
	
	)<br>
</div>
<div id="description">

<h5>Summary</h5>
<p>
Do not audit attempts to send and receive messages
from an	unlabeled IPSEC association.
</p>


<h5>Description</h5>
<p>
</p><p>
Do not audit attempts to send and receive messages
from an unlabeled IPSEC association.  Network
connections that are not protected
by IPSEC use an unlabeled
association.
</p><p>
</p><p>
The corenetwork interface
corenet_dontaudit_non_ipsec_sendrecv() should
be used instead of this one.
</p><p>
</p>

<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="65%">
<tr><th >Parameter:</th><th >Description:</th></tr>

<tr><td>
domain
</td><td>
<p>
Domain to not audit.
</p>
</td></tr>

</table>
</div>
</div>

<a name="link_kernel_dontaudit_tcp_recvfrom_unlabeled"></a>
<div id="interface">


<div id="codeblock">

<b>kernel_dontaudit_tcp_recvfrom_unlabeled</b>(
	
		
		
		
		domain
		
	
	)<br>
</div>
<div id="description">

<h5>Summary</h5>
<p>
Do not audit attempts to receive TCP packets from an unlabeled
connection.
</p>


<h5>Description</h5>
<p>
</p><p>
Do not audit attempts to receive TCP packets from an unlabeled
connection.
</p><p>
</p><p>
The corenetwork interface corenet_dontaudit_tcp_recv_unlabeled()
should be used instead of this one.
</p><p>
</p>

<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="65%">
<tr><th >Parameter:</th><th >Description:</th></tr>

<tr><td>
domain
</td><td>
<p>
Domain to not audit.
</p>
</td></tr>

</table>
</div>
</div>

<a name="link_kernel_dontaudit_udp_recvfrom_unlabeled"></a>
<div id="interface">


<div id="codeblock">

<b>kernel_dontaudit_udp_recvfrom_unlabeled</b>(
	
		
		
		
		domain
		
	
	)<br>
</div>
<div id="description">

<h5>Summary</h5>
<p>
Do not audit attempts to receive UDP packets from an unlabeled
connection.
</p>


<h5>Description</h5>
<p>
</p><p>
Do not audit attempts to receive UDP packets from an unlabeled
connection.
</p><p>
</p><p>
The corenetwork interface corenet_dontaudit_udp_recv_unlabeled()
should be used instead of this one.
</p><p>
</p>

<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="65%">
<tr><th >Parameter:</th><th >Description:</th></tr>

<tr><td>
domain
</td><td>
<p>
Domain to not audit.
</p>
</td></tr>

</table>
</div>
</div>

<a name="link_kernel_dontaudit_use_fds"></a>
<div id="interface">


<div id="codeblock">

<b>kernel_dontaudit_use_fds</b>(
	
		
		
		
		domain
		
	
	)<br>
</div>
<div id="description">

<h5>Summary</h5>
<p>
Do not audit attempts to use
kernel file descriptors.
</p>


<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="65%">
<tr><th >Parameter:</th><th >Description:</th></tr>

<tr><td>
domain
</td><td>
<p>
The type of process not to audit.
</p>
</td></tr>

</table>
</div>
</div>

<a name="link_kernel_dontaudit_write_kernel_sysctl"></a>
<div id="interface">


<div id="codeblock">

<b>kernel_dontaudit_write_kernel_sysctl</b>(
	
		
		
		
		domain
		
	
	)<br>
</div>
<div id="description">

<h5>Summary</h5>
<p>
Do not audit attempts to write generic kernel sysctls.
</p>


<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="65%">
<tr><th >Parameter:</th><th >Description:</th></tr>

<tr><td>
domain
</td><td>
<p>
Domain to not audit.
</p>
</td></tr>

</table>
</div>
</div>

<a name="link_kernel_get_sysvipc_info"></a>
<div id="interface">


<div id="codeblock">

<b>kernel_get_sysvipc_info</b>(
	
		
		
		
		domain
		
	
	)<br>
</div>
<div id="description">

<h5>Summary</h5>
<p>
Get information on all System V IPC objects.
</p>


<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="65%">
<tr><th >Parameter:</th><th >Description:</th></tr>

<tr><td>
domain
</td><td>
<p>
Domain allowed access.
</p>
</td></tr>

</table>
</div>
</div>

<a name="link_kernel_getattr_core_if"></a>
<div id="interface">


<div id="codeblock">

<b>kernel_getattr_core_if</b>(
	
		
		
		
		domain
		
	
	)<br>
</div>
<div id="description">

<h5>Summary</h5>
<p>
Allows caller to get attributes of core kernel interface.
</p>


<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="65%">
<tr><th >Parameter:</th><th >Description:</th></tr>

<tr><td>
domain
</td><td>
<p>
The process type getting the attributes.
</p>
</td></tr>

</table>
</div>
</div>

<a name="link_kernel_getattr_debugfs"></a>
<div id="interface">


<div id="codeblock">

<b>kernel_getattr_debugfs</b>(
	
		
		
		
		domain
		
	
	)<br>
</div>
<div id="description">

<h5>Summary</h5>
<p>
Get the attributes of a kernel debugging filesystem.
</p>


<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="65%">
<tr><th >Parameter:</th><th >Description:</th></tr>

<tr><td>
domain
</td><td>
<p>
Domain allowed access.
</p>
</td></tr>

</table>
</div>
</div>

<a name="link_kernel_getattr_message_if"></a>
<div id="interface">


<div id="codeblock">

<b>kernel_getattr_message_if</b>(
	
		
		
		
		domain
		
	
	)<br>
</div>
<div id="description">

<h5>Summary</h5>
<p>
Allow caller to get the attributes of kernel message
interface (/proc/kmsg).
</p>


<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="65%">
<tr><th >Parameter:</th><th >Description:</th></tr>

<tr><td>
domain
</td><td>
<p>
The process type getting the attributes.
</p>
</td></tr>

</table>
</div>
</div>

<a name="link_kernel_getattr_proc"></a>
<div id="interface">


<div id="codeblock">

<b>kernel_getattr_proc</b>(
	
		
		
		
		domain
		
	
	)<br>
</div>
<div id="description">

<h5>Summary</h5>
<p>
Get the attributes of the proc filesystem.
</p>


<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="65%">
<tr><th >Parameter:</th><th >Description:</th></tr>

<tr><td>
domain
</td><td>
<p>
Domain allowed access.
</p>
</td></tr>

</table>
</div>
</div>

<a name="link_kernel_getattr_proc_files"></a>
<div id="interface">


<div id="codeblock">

<b>kernel_getattr_proc_files</b>(
	
		
		
		
		domain
		
	
	)<br>
</div>
<div id="description">

<h5>Summary</h5>
<p>
Get the attributes of files in /proc.
</p>


<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="65%">
<tr><th >Parameter:</th><th >Description:</th></tr>

<tr><td>
domain
</td><td>
<p>
Domain allowed access.
</p>
</td></tr>

</table>
</div>
</div>

<a name="link_kernel_kill"></a>
<div id="interface">


<div id="codeblock">

<b>kernel_kill</b>(
	
		
		
		
		domain
		
	
	)<br>
</div>
<div id="description">

<h5>Summary</h5>
<p>
Send a kill signal to kernel threads.
</p>


<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="65%">
<tr><th >Parameter:</th><th >Description:</th></tr>

<tr><td>
domain
</td><td>
<p>
The type of the process sending the signal.
</p>
</td></tr>

</table>
</div>
</div>

<a name="link_kernel_kill_unlabeled"></a>
<div id="interface">


<div id="codeblock">

<b>kernel_kill_unlabeled</b>(
	
		
		
		
		domain
		
	
	)<br>
</div>
<div id="description">

<h5>Summary</h5>
<p>
Send a kill signal to unlabeled processes.
</p>


<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="65%">
<tr><th >Parameter:</th><th >Description:</th></tr>

<tr><td>
domain
</td><td>
<p>
Domain allowed access.
</p>
</td></tr>

</table>
</div>
</div>

<a name="link_kernel_link_key"></a>
<div id="interface">


<div id="codeblock">

<b>kernel_link_key</b>(
	
		
		
		
		domain
		
	
	)<br>
</div>
<div id="description">

<h5>Summary</h5>
<p>
Allow link to the kernel key ring.
</p>


<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="65%">
<tr><th >Parameter:</th><th >Description:</th></tr>

<tr><td>
domain
</td><td>
<p>
Domain allowed access.
</p>
</td></tr>

</table>
</div>
</div>

<a name="link_kernel_list_all_proc"></a>
<div id="interface">


<div id="codeblock">

<b>kernel_list_all_proc</b>(
	
		
		
		
		domain
		
	
	)<br>
</div>
<div id="description">

<h5>Summary</h5>
<p>
Allow attempts to list all proc directories.
</p>


<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="65%">
<tr><th >Parameter:</th><th >Description:</th></tr>

<tr><td>
domain
</td><td>
<p>
Domain allowed access.
</p>
</td></tr>

</table>
</div>
</div>

<a name="link_kernel_list_proc"></a>
<div id="interface">


<div id="codeblock">

<b>kernel_list_proc</b>(
	
		
		
		
		domain
		
	
	)<br>
</div>
<div id="description">

<h5>Summary</h5>
<p>
List the contents of directories in /proc.
</p>


<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="65%">
<tr><th >Parameter:</th><th >Description:</th></tr>

<tr><td>
domain
</td><td>
<p>
Domain allowed access.
</p>
</td></tr>

</table>
</div>
</div>

<a name="link_kernel_list_unlabeled"></a>
<div id="interface">


<div id="codeblock">

<b>kernel_list_unlabeled</b>(
	
		
		
		
		domain
		
	
	)<br>
</div>
<div id="description">

<h5>Summary</h5>
<p>
List unlabeled directories.
</p>


<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="65%">
<tr><th >Parameter:</th><th >Description:</th></tr>

<tr><td>
domain
</td><td>
<p>
Domain allowed access.
</p>
</td></tr>

</table>
</div>
</div>

<a name="link_kernel_load_module"></a>
<div id="interface">


<div id="codeblock">

<b>kernel_load_module</b>(
	
		
		
		
		domain
		
	
	)<br>
</div>
<div id="description">

<h5>Summary</h5>
<p>
Allows caller to load kernel modules
</p>


<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="65%">
<tr><th >Parameter:</th><th >Description:</th></tr>

<tr><td>
domain
</td><td>
<p>
The process type to allow to load kernel modules.
</p>
</td></tr>

</table>
</div>
</div>

<a name="link_kernel_mount_debugfs"></a>
<div id="interface">


<div id="codeblock">

<b>kernel_mount_debugfs</b>(
	
		
		
		
		domain
		
	
	)<br>
</div>
<div id="description">

<h5>Summary</h5>
<p>
Mount a kernel debugging filesystem.
</p>


<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="65%">
<tr><th >Parameter:</th><th >Description:</th></tr>

<tr><td>
domain
</td><td>
<p>
The type of the domain mounting the filesystem.
</p>
</td></tr>

</table>
</div>
</div>

<a name="link_kernel_mount_kvmfs"></a>
<div id="interface">


<div id="codeblock">

<b>kernel_mount_kvmfs</b>(
	
		
		
		
		domain
		
	
	)<br>
</div>
<div id="description">

<h5>Summary</h5>
<p>
Mount a kernel VM filesystem.
</p>


<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="65%">
<tr><th >Parameter:</th><th >Description:</th></tr>

<tr><td>
domain
</td><td>
<p>
The type of the domain mounting the filesystem.
</p>
</td></tr>

</table>
</div>
</div>

<a name="link_kernel_mount_unlabeled"></a>
<div id="interface">


<div id="codeblock">

<b>kernel_mount_unlabeled</b>(
	
		
		
		
		domain
		
	
	)<br>
</div>
<div id="description">

<h5>Summary</h5>
<p>
Mount a kernel unlabeled filesystem.
</p>


<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="65%">
<tr><th >Parameter:</th><th >Description:</th></tr>

<tr><td>
domain
</td><td>
<p>
The type of the domain mounting the filesystem.
</p>
</td></tr>

</table>
</div>
</div>

<a name="link_kernel_ranged_domtrans_to"></a>
<div id="interface">


<div id="codeblock">

<b>kernel_ranged_domtrans_to</b>(
	
		
		
		
		domain
		
	
		
			,
		
		
		
		entrypoint
		
	
		
			,
		
		
		
		range
		
	
	)<br>
</div>
<div id="description">

<h5>Summary</h5>
<p>
Allow the kernel to start userland processes
by transitioning to the specified domain,
with a range transition.
</p>


<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="65%">
<tr><th >Parameter:</th><th >Description:</th></tr>

<tr><td>
domain
</td><td>
<p>
The process type entered by the kernel.
</p>
</td></tr>

<tr><td>
entrypoint
</td><td>
<p>
The executable type for the entrypoint.
</p>
</td></tr>

<tr><td>
range
</td><td>
<p>
Range for the domain.
</p>
</td></tr>

</table>
</div>
</div>

<a name="link_kernel_raw_recvfrom_unlabeled"></a>
<div id="interface">


<div id="codeblock">

<b>kernel_raw_recvfrom_unlabeled</b>(
	
		
		
		
		domain
		
	
	)<br>
</div>
<div id="description">

<h5>Summary</h5>
<p>
Receive Raw IP packets from an unlabeled connection.
</p>


<h5>Description</h5>
<p>
</p><p>
Receive Raw IP packets from an unlabeled connection.
</p><p>
</p><p>
The corenetwork interface corenet_raw_recv_unlabeled() should
be used instead of this one.
</p><p>
</p>

<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="65%">
<tr><th >Parameter:</th><th >Description:</th></tr>

<tr><td>
domain
</td><td>
<p>
Domain allowed access.
</p>
</td></tr>

</table>
</div>
</div>

<a name="link_kernel_read_all_sysctls"></a>
<div id="interface">


<div id="codeblock">

<b>kernel_read_all_sysctls</b>(
	
		
		
		
		domain
		
	
	)<br>
</div>
<div id="description">

<h5>Summary</h5>
<p>
Allow caller to read all sysctls.
</p>


<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="65%">
<tr><th >Parameter:</th><th >Description:</th></tr>

<tr><td>
domain
</td><td>
<p>
Domain allowed access.
</p>
</td></tr>

</table>
</div>
</div>

<a name="link_kernel_read_core_if"></a>
<div id="interface">


<div id="codeblock">

<b>kernel_read_core_if</b>(
	
		
		
		
		domain
		
	
	)<br>
</div>
<div id="description">

<h5>Summary</h5>
<p>
Allows caller to read the core kernel interface.
</p>


<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="65%">
<tr><th >Parameter:</th><th >Description:</th></tr>

<tr><td>
domain
</td><td>
<p>
Domain allowed access.
</p>
</td></tr>

</table>
</div>
</div>

<a name="link_kernel_read_crypto_sysctls"></a>
<div id="interface">


<div id="codeblock">

<b>kernel_read_crypto_sysctls</b>(
	
		
		
		
		domain
		
	
	)<br>
</div>
<div id="description">

<h5>Summary</h5>
<p>
Read generic crypto sysctls.
</p>


<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="65%">
<tr><th >Parameter:</th><th >Description:</th></tr>

<tr><td>
domain
</td><td>
<p>
Domain allowed access.
</p>
</td></tr>

</table>
</div>
</div>

<a name="link_kernel_read_debugfs"></a>
<div id="interface">


<div id="codeblock">

<b>kernel_read_debugfs</b>(
	
		
		
		
		domain
		
	
	)<br>
</div>
<div id="description">

<h5>Summary</h5>
<p>
Read information from the debugging filesystem.
</p>


<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="65%">
<tr><th >Parameter:</th><th >Description:</th></tr>

<tr><td>
domain
</td><td>
<p>
Domain allowed access.
</p>
</td></tr>

</table>
</div>
</div>

<a name="link_kernel_read_device_sysctls"></a>
<div id="interface">


<div id="codeblock">

<b>kernel_read_device_sysctls</b>(
	
		
		
		
		domain
		
	
	)<br>
</div>
<div id="description">

<h5>Summary</h5>
<p>
Allow caller to read the device sysctls.
</p>


<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="65%">
<tr><th >Parameter:</th><th >Description:</th></tr>

<tr><td>
domain
</td><td>
<p>
The process type to allow to read the device sysctls.
</p>
</td></tr>

</table>
</div>
</div>

<a name="link_kernel_read_fs_sysctls"></a>
<div id="interface">


<div id="codeblock">

<b>kernel_read_fs_sysctls</b>(
	
		
		
		
		domain
		
	
	)<br>
</div>
<div id="description">

<h5>Summary</h5>
<p>
Read filesystem sysctls.
</p>


<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="65%">
<tr><th >Parameter:</th><th >Description:</th></tr>

<tr><td>
domain
</td><td>
<p>
Domain allowed access.
</p>
</td></tr>

</table>
</div>
</div>

<a name="link_kernel_read_hotplug_sysctls"></a>
<div id="interface">


<div id="codeblock">

<b>kernel_read_hotplug_sysctls</b>(
	
		
		
		
		domain
		
	
	)<br>
</div>
<div id="description">

<h5>Summary</h5>
<p>
Read the hotplug sysctl.
</p>


<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="65%">
<tr><th >Parameter:</th><th >Description:</th></tr>

<tr><td>
domain
</td><td>
<p>
Domain allowed access.
</p>
</td></tr>

</table>
</div>
</div>

<a name="link_kernel_read_irq_sysctls"></a>
<div id="interface">


<div id="codeblock">

<b>kernel_read_irq_sysctls</b>(
	
		
		
		
		domain
		
	
	)<br>
</div>
<div id="description">

<h5>Summary</h5>
<p>
Read IRQ sysctls.
</p>


<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="65%">
<tr><th >Parameter:</th><th >Description:</th></tr>

<tr><td>
domain
</td><td>
<p>
Domain allowed access.
</p>
</td></tr>

</table>
</div>
</div>

<a name="link_kernel_read_kernel_sysctls"></a>
<div id="interface">


<div id="codeblock">

<b>kernel_read_kernel_sysctls</b>(
	
		
		
		
		domain
		
	
	)<br>
</div>
<div id="description">

<h5>Summary</h5>
<p>
Read general kernel sysctls.
</p>


<h5>Description</h5>
<p>
</p><p>
Allow the specified domain to read general
kernel sysctl settings. These settings are typically
read using the sysctl program.  The settings
that are included by this interface are prefixed
with "kernel.", for example, kernel.sysrq.
</p><p>
</p><p>
This does not include access to the hotplug
handler setting (kernel.hotplug)
nor the module installer handler setting
(kernel.modprobe).
</p><p>
</p><p>
Related interfaces:
</p><p>
</p><ul><p>
</p><li><p>kernel_rw_kernel_sysctl()</p></li><p>
</p></ul><p>
</p>

<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="65%">
<tr><th >Parameter:</th><th >Description:</th></tr>

<tr><td>
domain
</td><td>
<p>
Domain allowed access.
</p>
</td></tr>

</table>
</div>
</div>

<a name="link_kernel_read_messages"></a>
<div id="interface">


<div id="codeblock">

<b>kernel_read_messages</b>(
	
		
		
		
		domain
		
	
	)<br>
</div>
<div id="description">

<h5>Summary</h5>
<p>
Allow caller to read kernel messages
using the /proc/kmsg interface.
</p>


<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="65%">
<tr><th >Parameter:</th><th >Description:</th></tr>

<tr><td>
domain
</td><td>
<p>
The process type reading the messages.
</p>
</td></tr>

</table>
</div>
</div>

<a name="link_kernel_read_modprobe_sysctls"></a>
<div id="interface">


<div id="codeblock">

<b>kernel_read_modprobe_sysctls</b>(
	
		
		
		
		domain
		
	
	)<br>
</div>
<div id="description">

<h5>Summary</h5>
<p>
Read the modprobe sysctl.
</p>


<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="65%">
<tr><th >Parameter:</th><th >Description:</th></tr>

<tr><td>
domain
</td><td>
<p>
Domain allowed access.
</p>
</td></tr>

</table>
</div>
</div>

<a name="link_kernel_read_net_sysctls"></a>
<div id="interface">


<div id="codeblock">

<b>kernel_read_net_sysctls</b>(
	
		
		
		
		domain
		
	
	)<br>
</div>
<div id="description">

<h5>Summary</h5>
<p>
Allow caller to read network sysctls.
</p>


<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="65%">
<tr><th >Parameter:</th><th >Description:</th></tr>

<tr><td>
domain
</td><td>
<p>
Domain allowed access.
</p>
</td></tr>

</table>
</div>
</div>

<a name="link_kernel_read_network_state"></a>
<div id="interface">


<div id="codeblock">

<b>kernel_read_network_state</b>(
	
		
		
		
		domain
		
	
	)<br>
</div>
<div id="description">

<h5>Summary</h5>
<p>
Read the network state information.
</p>


<h5>Description</h5>
<p>
</p><p>
Allow the specified domain to read the networking
state information. This includes several pieces
of networking information, such as network interface
names, netfilter (iptables) statistics, protocol
information, routes, and remote procedure call (RPC)
information.
</p><p>
</p>

<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="65%">
<tr><th >Parameter:</th><th >Description:</th></tr>

<tr><td>
domain
</td><td>
<p>
Domain allowed access.
</p>
</td></tr>

</table>
</div>
</div>

<a name="link_kernel_read_network_state_symlinks"></a>
<div id="interface">


<div id="codeblock">

<b>kernel_read_network_state_symlinks</b>(
	
		
		
		
		domain
		
	
	)<br>
</div>
<div id="description">

<h5>Summary</h5>
<p>
Allow caller to read the network state symbolic links.
</p>


<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="65%">
<tr><th >Parameter:</th><th >Description:</th></tr>

<tr><td>
domain
</td><td>
<p>
The process type reading the state.
</p>
</td></tr>

</table>
</div>
</div>

<a name="link_kernel_read_proc_symlinks"></a>
<div id="interface">


<div id="codeblock">

<b>kernel_read_proc_symlinks</b>(
	
		
		
		
		domain
		
	
	)<br>
</div>
<div id="description">

<h5>Summary</h5>
<p>
Read generic symbolic links in /proc.
</p>


<h5>Description</h5>
<p>
</p><p>
Allow the specified domain to read (follow) generic
symbolic links (symlinks) in the proc filesystem (/proc).
This interface does not include access to the targets of
these links.  An example symlink is /proc/self.
</p><p>
</p>

<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="65%">
<tr><th >Parameter:</th><th >Description:</th></tr>

<tr><td>
domain
</td><td>
<p>
Domain allowed access.
</p>
</td></tr>

</table>
</div>
</div>

<a name="link_kernel_read_ring_buffer"></a>
<div id="interface">


<div id="codeblock">

<b>kernel_read_ring_buffer</b>(
	
		
		
		
		domain
		
	
	)<br>
</div>
<div id="description">

<h5>Summary</h5>
<p>
Allows caller to read the ring buffer.
</p>


<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="65%">
<tr><th >Parameter:</th><th >Description:</th></tr>

<tr><td>
domain
</td><td>
<p>
The process type allowed to read the ring buffer.
</p>
</td></tr>

</table>
</div>
</div>

<a name="link_kernel_read_rpc_sysctls"></a>
<div id="interface">


<div id="codeblock">

<b>kernel_read_rpc_sysctls</b>(
	
		
		
		
		domain
		
	
	)<br>
</div>
<div id="description">

<h5>Summary</h5>
<p>
Read RPC sysctls.
</p>


<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="65%">
<tr><th >Parameter:</th><th >Description:</th></tr>

<tr><td>
domain
</td><td>
<p>
Domain allowed access.
</p>
</td></tr>

</table>
</div>
</div>

<a name="link_kernel_read_software_raid_state"></a>
<div id="interface">


<div id="codeblock">

<b>kernel_read_software_raid_state</b>(
	
		
		
		
		domain
		
	
	)<br>
</div>
<div id="description">

<h5>Summary</h5>
<p>
Allow caller to read the state information for software raid.
</p>


<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="65%">
<tr><th >Parameter:</th><th >Description:</th></tr>

<tr><td>
domain
</td><td>
<p>
The process type reading software raid state.
</p>
</td></tr>

</table>
</div>
</div>

<a name="link_kernel_read_sysctl"></a>
<div id="interface">


<div id="codeblock">

<b>kernel_read_sysctl</b>(
	
		
		
		
		domain
		
	
	)<br>
</div>
<div id="description">

<h5>Summary</h5>
<p>
Allow access to read sysctl directories.
</p>


<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="65%">
<tr><th >Parameter:</th><th >Description:</th></tr>

<tr><td>
domain
</td><td>
<p>
The process type to allow to read sysctl directories.
</p>
</td></tr>

</table>
</div>
</div>

<a name="link_kernel_read_system_state"></a>
<div id="interface">


<div id="codeblock">

<b>kernel_read_system_state</b>(
	
		
		
		
		domain
		
	
	)<br>
</div>
<div id="description">

<h5>Summary</h5>
<p>
Allows caller to read system state information in /proc.
</p>


<h5>Description</h5>
<p>
</p><p>
Allow the specified domain to read general system
state information from the proc filesystem (/proc).
</p><p>
</p><p>
Generally it should be safe to allow this access.  Some
example files that can be read based on this interface:
</p><p>
</p><ul><p>
</p><li><p>/proc/cpuinfo</p></li><p>
</p><li><p>/proc/meminfo</p></li><p>
</p><li><p>/proc/uptime</p></li><p>
</p></ul><p>
</p><p>
This does not allow access to sysctl entries (/proc/sys/*)
nor process state information (/proc/pid).
</p><p>
</p>

<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="65%">
<tr><th >Parameter:</th><th >Description:</th></tr>

<tr><td>
domain
</td><td>
<p>
Domain allowed access.
</p>
</td></tr>

</table>
</div>
</div>

<a name="link_kernel_read_unix_sysctls"></a>
<div id="interface">


<div id="codeblock">

<b>kernel_read_unix_sysctls</b>(
	
		
		
		
		domain
		
	
	)<br>
</div>
<div id="description">

<h5>Summary</h5>
<p>
Allow caller to read unix domain
socket sysctls.
</p>


<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="65%">
<tr><th >Parameter:</th><th >Description:</th></tr>

<tr><td>
domain
</td><td>
<p>
Domain allowed access.
</p>
</td></tr>

</table>
</div>
</div>

<a name="link_kernel_read_unlabeled_state"></a>
<div id="interface">


<div id="codeblock">

<b>kernel_read_unlabeled_state</b>(
	
		
		
		
		domain
		
	
	)<br>
</div>
<div id="description">

<h5>Summary</h5>
<p>
Read the process state (/proc/pid) of all unlabeled_t.
</p>


<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="65%">
<tr><th >Parameter:</th><th >Description:</th></tr>

<tr><td>
domain
</td><td>
<p>
Domain allowed access.
</p>
</td></tr>

</table>
</div>
</div>

<a name="link_kernel_read_vm_sysctls"></a>
<div id="interface">


<div id="codeblock">

<b>kernel_read_vm_sysctls</b>(
	
		
		
		
		domain
		
	
	)<br>
</div>
<div id="description">

<h5>Summary</h5>
<p>
Allow caller to read virtual memory sysctls.
</p>


<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="65%">
<tr><th >Parameter:</th><th >Description:</th></tr>

<tr><td>
domain
</td><td>
<p>
Domain allowed access.
</p>
</td></tr>

</table>
</div>
</div>

<a name="link_kernel_read_xen_state"></a>
<div id="interface">


<div id="codeblock">

<b>kernel_read_xen_state</b>(
	
		
		
		
		domain
		
	
	)<br>
</div>
<div id="description">

<h5>Summary</h5>
<p>
Allow caller to read the xen state information.
</p>


<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="65%">
<tr><th >Parameter:</th><th >Description:</th></tr>

<tr><td>
domain
</td><td>
<p>
The process type reading the state.
</p>
</td></tr>

</table>
</div>
</div>

<a name="link_kernel_read_xen_state_symlinks"></a>
<div id="interface">


<div id="codeblock">

<b>kernel_read_xen_state_symlinks</b>(
	
		
		
		
		domain
		
	
	)<br>
</div>
<div id="description">

<h5>Summary</h5>
<p>
Allow caller to read the xen state symbolic links.
</p>


<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="65%">
<tr><th >Parameter:</th><th >Description:</th></tr>

<tr><td>
domain
</td><td>
<p>
The process type reading the state.
</p>
</td></tr>

</table>
</div>
</div>

<a name="link_kernel_recvfrom_unlabeled_peer"></a>
<div id="interface">


<div id="codeblock">

<b>kernel_recvfrom_unlabeled_peer</b>(
	
		
		
		
		domain
		
	
	)<br>
</div>
<div id="description">

<h5>Summary</h5>
<p>
Receive packets from an unlabeled peer.
</p>


<h5>Description</h5>
<p>
</p><p>
Receive packets from an unlabeled peer; these packets do not have any
peer labeling information present.
</p><p>
</p><p>
The corenetwork interface corenet_recvfrom_unlabeled_peer() should
be used instead of this one.
</p><p>
</p>

<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="65%">
<tr><th >Parameter:</th><th >Description:</th></tr>

<tr><td>
domain
</td><td>
<p>
Domain allowed access.
</p>
</td></tr>

</table>
</div>
</div>

<a name="link_kernel_relabelfrom_unlabeled_database"></a>
<div id="interface">


<div id="codeblock">

<b>kernel_relabelfrom_unlabeled_database</b>(
	
		
		
		
		domain
		
	
	)<br>
</div>
<div id="description">

<h5>Summary</h5>
<p>
Relabel from unlabeled database objects.
</p>


<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="65%">
<tr><th >Parameter:</th><th >Description:</th></tr>

<tr><td>
domain
</td><td>
<p>
Domain allowed access.
</p>
</td></tr>

</table>
</div>
</div>

<a name="link_kernel_relabelfrom_unlabeled_dirs"></a>
<div id="interface">


<div id="codeblock">

<b>kernel_relabelfrom_unlabeled_dirs</b>(
	
		
		
		
		domain
		
	
	)<br>
</div>
<div id="description">

<h5>Summary</h5>
<p>
Allow caller to relabel unlabeled directories.
</p>


<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="65%">
<tr><th >Parameter:</th><th >Description:</th></tr>

<tr><td>
domain
</td><td>
<p>
Domain allowed access.
</p>
</td></tr>

</table>
</div>
</div>

<a name="link_kernel_relabelfrom_unlabeled_files"></a>
<div id="interface">


<div id="codeblock">

<b>kernel_relabelfrom_unlabeled_files</b>(
	
		
		
		
		domain
		
	
	)<br>
</div>
<div id="description">

<h5>Summary</h5>
<p>
Allow caller to relabel unlabeled files.
</p>


<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="65%">
<tr><th >Parameter:</th><th >Description:</th></tr>

<tr><td>
domain
</td><td>
<p>
Domain allowed access.
</p>
</td></tr>

</table>
</div>
</div>

<a name="link_kernel_relabelfrom_unlabeled_pipes"></a>
<div id="interface">


<div id="codeblock">

<b>kernel_relabelfrom_unlabeled_pipes</b>(
	
		
		
		
		domain
		
	
	)<br>
</div>
<div id="description">

<h5>Summary</h5>
<p>
Allow caller to relabel unlabeled named pipes.
</p>


<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="65%">
<tr><th >Parameter:</th><th >Description:</th></tr>

<tr><td>
domain
</td><td>
<p>
Domain allowed access.
</p>
</td></tr>

</table>
</div>
</div>

<a name="link_kernel_relabelfrom_unlabeled_sockets"></a>
<div id="interface">


<div id="codeblock">

<b>kernel_relabelfrom_unlabeled_sockets</b>(
	
		
		
		
		domain
		
	
	)<br>
</div>
<div id="description">

<h5>Summary</h5>
<p>
Allow caller to relabel unlabeled named sockets.
</p>


<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="65%">
<tr><th >Parameter:</th><th >Description:</th></tr>

<tr><td>
domain
</td><td>
<p>
Domain allowed access.
</p>
</td></tr>

</table>
</div>
</div>

<a name="link_kernel_relabelfrom_unlabeled_symlinks"></a>
<div id="interface">


<div id="codeblock">

<b>kernel_relabelfrom_unlabeled_symlinks</b>(
	
		
		
		
		domain
		
	
	)<br>
</div>
<div id="description">

<h5>Summary</h5>
<p>
Allow caller to relabel unlabeled symbolic links.
</p>


<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="65%">
<tr><th >Parameter:</th><th >Description:</th></tr>

<tr><td>
domain
</td><td>
<p>
Domain allowed access.
</p>
</td></tr>

</table>
</div>
</div>

<a name="link_kernel_relabelto_unlabeled"></a>
<div id="interface">


<div id="codeblock">

<b>kernel_relabelto_unlabeled</b>(
	
		
		
		
		domain
		
	
	)<br>
</div>
<div id="description">

<h5>Summary</h5>
<p>
Relabel to unlabeled context.
</p>


<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="65%">
<tr><th >Parameter:</th><th >Description:</th></tr>

<tr><td>
domain
</td><td>
<p>
Domain allowed access.
</p>
</td></tr>

</table>
</div>
</div>

<a name="link_kernel_remount_debugfs"></a>
<div id="interface">


<div id="codeblock">

<b>kernel_remount_debugfs</b>(
	
		
		
		
		domain
		
	
	)<br>
</div>
<div id="description">

<h5>Summary</h5>
<p>
Remount a kernel debugging filesystem.
</p>


<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="65%">
<tr><th >Parameter:</th><th >Description:</th></tr>

<tr><td>
domain
</td><td>
<p>
The type of the domain remounting the filesystem.
</p>
</td></tr>

</table>
</div>
</div>

<a name="link_kernel_request_load_module"></a>
<div id="interface">


<div id="codeblock">

<b>kernel_request_load_module</b>(
	
		
		
		
		domain
		
	
	)<br>
</div>
<div id="description">

<h5>Summary</h5>
<p>
Allows caller to request the kernel to load a module.
</p>


<h5>Description</h5>
<p>
</p><p>
Allow the specified domain to request that the kernel
load a kernel module.  An example of this is the
auto-loading of network drivers when doing an
ioctl() on a network interface.
</p><p>
</p><p>
In the specific case of a module loading request
on a network interface, the domain will also
need the net_admin capability.
</p><p>
</p>

<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="65%">
<tr><th >Parameter:</th><th >Description:</th></tr>

<tr><td>
domain
</td><td>
<p>
Domain allowed access.
</p>
</td></tr>

</table>
</div>
</div>

<a name="link_kernel_rootfs_mountpoint"></a>
<div id="interface">


<div id="codeblock">

<b>kernel_rootfs_mountpoint</b>(
	
		
		
		
		directory_type
		
	
	)<br>
</div>
<div id="description">

<h5>Summary</h5>
<p>
Allows the kernel to mount filesystems on
the specified directory type.
</p>


<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="65%">
<tr><th >Parameter:</th><th >Description:</th></tr>

<tr><td>
directory_type
</td><td>
<p>
The type of the directory to use as a mountpoint.
</p>
</td></tr>

</table>
</div>
</div>

<a name="link_kernel_rw_afs_state"></a>
<div id="interface">


<div id="codeblock">

<b>kernel_rw_afs_state</b>(
	
		
		
		
		domain
		
	
	)<br>
</div>
<div id="description">

<h5>Summary</h5>
<p>
Allow caller to read and write state information for AFS.
</p>


<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="65%">
<tr><th >Parameter:</th><th >Description:</th></tr>

<tr><td>
domain
</td><td>
<p>
Domain allowed access.
</p>
</td></tr>

</table>
</div>
</div>

<a name="link_kernel_rw_all_sysctls"></a>
<div id="interface">


<div id="codeblock">

<b>kernel_rw_all_sysctls</b>(
	
		
		
		
		domain
		
	
	)<br>
</div>
<div id="description">

<h5>Summary</h5>
<p>
Read and write all sysctls.
</p>


<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="65%">
<tr><th >Parameter:</th><th >Description:</th></tr>

<tr><td>
domain
</td><td>
<p>
Domain allowed access.
</p>
</td></tr>

</table>
</div>
</div>

<a name="link_kernel_rw_device_sysctls"></a>
<div id="interface">


<div id="codeblock">

<b>kernel_rw_device_sysctls</b>(
	
		
		
		
		domain
		
	
	)<br>
</div>
<div id="description">

<h5>Summary</h5>
<p>
Read and write device sysctls.
</p>


<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="65%">
<tr><th >Parameter:</th><th >Description:</th></tr>

<tr><td>
domain
</td><td>
<p>
Domain allowed access.
</p>
</td></tr>

</table>
</div>
</div>

<a name="link_kernel_rw_fs_sysctls"></a>
<div id="interface">


<div id="codeblock">

<b>kernel_rw_fs_sysctls</b>(
	
		
		
		
		domain
		
	
	)<br>
</div>
<div id="description">

<h5>Summary</h5>
<p>
Read and write filesystem sysctls.
</p>


<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="65%">
<tr><th >Parameter:</th><th >Description:</th></tr>

<tr><td>
domain
</td><td>
<p>
Domain allowed access.
</p>
</td></tr>

</table>
</div>
</div>

<a name="link_kernel_rw_hotplug_sysctls"></a>
<div id="interface">


<div id="codeblock">

<b>kernel_rw_hotplug_sysctls</b>(
	
		
		
		
		domain
		
	
	)<br>
</div>
<div id="description">

<h5>Summary</h5>
<p>
Read and write the hotplug sysctl.
</p>


<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="65%">
<tr><th >Parameter:</th><th >Description:</th></tr>

<tr><td>
domain
</td><td>
<p>
Domain allowed access.
</p>
</td></tr>

</table>
</div>
</div>

<a name="link_kernel_rw_irq_sysctls"></a>
<div id="interface">


<div id="codeblock">

<b>kernel_rw_irq_sysctls</b>(
	
		
		
		
		domain
		
	
	)<br>
</div>
<div id="description">

<h5>Summary</h5>
<p>
Read and write IRQ sysctls.
</p>


<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="65%">
<tr><th >Parameter:</th><th >Description:</th></tr>

<tr><td>
domain
</td><td>
<p>
Domain allowed access.
</p>
</td></tr>

</table>
</div>
</div>

<a name="link_kernel_rw_kernel_sysctl"></a>
<div id="interface">


<div id="codeblock">

<b>kernel_rw_kernel_sysctl</b>(
	
		
		
		
		domain
		
	
	)<br>
</div>
<div id="description">

<h5>Summary</h5>
<p>
Read and write generic kernel sysctls.
</p>


<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="65%">
<tr><th >Parameter:</th><th >Description:</th></tr>

<tr><td>
domain
</td><td>
<p>
Domain allowed access.
</p>
</td></tr>

</table>
</div>
</div>

<a name="link_kernel_rw_modprobe_sysctls"></a>
<div id="interface">


<div id="codeblock">

<b>kernel_rw_modprobe_sysctls</b>(
	
		
		
		
		domain
		
	
	)<br>
</div>
<div id="description">

<h5>Summary</h5>
<p>
Read and write the modprobe sysctl.
</p>


<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="65%">
<tr><th >Parameter:</th><th >Description:</th></tr>

<tr><td>
domain
</td><td>
<p>
Domain allowed access.
</p>
</td></tr>

</table>
</div>
</div>

<a name="link_kernel_rw_net_sysctls"></a>
<div id="interface">


<div id="codeblock">

<b>kernel_rw_net_sysctls</b>(
	
		
		
		
		domain
		
	
	)<br>
</div>
<div id="description">

<h5>Summary</h5>
<p>
Allow caller to modify contents of sysctl network files.
</p>


<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="65%">
<tr><th >Parameter:</th><th >Description:</th></tr>

<tr><td>
domain
</td><td>
<p>
Domain allowed access.
</p>
</td></tr>

</table>
</div>
</div>

<a name="link_kernel_rw_pipes"></a>
<div id="interface">


<div id="codeblock">

<b>kernel_rw_pipes</b>(
	
		
		
		
		domain
		
	
	)<br>
</div>
<div id="description">

<h5>Summary</h5>
<p>
Read and write kernel unnamed pipes.
</p>


<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="65%">
<tr><th >Parameter:</th><th >Description:</th></tr>

<tr><td>
domain
</td><td>
<p>
Domain allowed access.
</p>
</td></tr>

</table>
</div>
</div>

<a name="link_kernel_rw_rpc_sysctls"></a>
<div id="interface">


<div id="codeblock">

<b>kernel_rw_rpc_sysctls</b>(
	
		
		
		
		domain
		
	
	)<br>
</div>
<div id="description">

<h5>Summary</h5>
<p>
Read and write RPC sysctls.
</p>


<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="65%">
<tr><th >Parameter:</th><th >Description:</th></tr>

<tr><td>
domain
</td><td>
<p>
Domain allowed access.
</p>
</td></tr>

</table>
</div>
</div>

<a name="link_kernel_rw_software_raid_state"></a>
<div id="interface">


<div id="codeblock">

<b>kernel_rw_software_raid_state</b>(
	
		
		
		
		domain
		
	
	)<br>
</div>
<div id="description">

<h5>Summary</h5>
<p>
Allow caller to read and set the state information for software raid.
</p>


<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="65%">
<tr><th >Parameter:</th><th >Description:</th></tr>

<tr><td>
domain
</td><td>
<p>
The process type reading software raid state.
</p>
</td></tr>

</table>
</div>
</div>

<a name="link_kernel_rw_unix_dgram_sockets"></a>
<div id="interface">


<div id="codeblock">

<b>kernel_rw_unix_dgram_sockets</b>(
	
		
		
		
		domain
		
	
	)<br>
</div>
<div id="description">

<h5>Summary</h5>
<p>
Read and write kernel unix datagram sockets.
</p>


<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="65%">
<tr><th >Parameter:</th><th >Description:</th></tr>

<tr><td>
domain
</td><td>
<p>
Domain allowed access.
</p>
</td></tr>

</table>
</div>
</div>

<a name="link_kernel_rw_unix_sysctls"></a>
<div id="interface">


<div id="codeblock">

<b>kernel_rw_unix_sysctls</b>(
	
		
		
		
		domain
		
	
	)<br>
</div>
<div id="description">

<h5>Summary</h5>
<p>
Read and write unix domain
socket sysctls.
</p>


<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="65%">
<tr><th >Parameter:</th><th >Description:</th></tr>

<tr><td>
domain
</td><td>
<p>
Domain allowed access.
</p>
</td></tr>

</table>
</div>
</div>

<a name="link_kernel_rw_unlabeled_blk_files"></a>
<div id="interface">


<div id="codeblock">

<b>kernel_rw_unlabeled_blk_files</b>(
	
		
		
		
		domain
		
	
	)<br>
</div>
<div id="description">

<h5>Summary</h5>
<p>
Read and write unlabeled block device nodes.
</p>


<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="65%">
<tr><th >Parameter:</th><th >Description:</th></tr>

<tr><td>
domain
</td><td>
<p>
Domain allowed access.
</p>
</td></tr>

</table>
</div>
</div>

<a name="link_kernel_rw_unlabeled_dirs"></a>
<div id="interface">


<div id="codeblock">

<b>kernel_rw_unlabeled_dirs</b>(
	
		
		
		
		domain
		
	
	)<br>
</div>
<div id="description">

<h5>Summary</h5>
<p>
Read and write unlabeled directories.
</p>


<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="65%">
<tr><th >Parameter:</th><th >Description:</th></tr>

<tr><td>
domain
</td><td>
<p>
Domain allowed access.
</p>
</td></tr>

</table>
</div>
</div>

<a name="link_kernel_rw_unlabeled_files"></a>
<div id="interface">


<div id="codeblock">

<b>kernel_rw_unlabeled_files</b>(
	
		
		
		
		domain
		
	
	)<br>
</div>
<div id="description">

<h5>Summary</h5>
<p>
Read and write unlabeled files.
</p>


<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="65%">
<tr><th >Parameter:</th><th >Description:</th></tr>

<tr><td>
domain
</td><td>
<p>
Domain allowed access.
</p>
</td></tr>

</table>
</div>
</div>

<a name="link_kernel_rw_unlabeled_rawip_socket"></a>
<div id="interface">


<div id="codeblock">

<b>kernel_rw_unlabeled_rawip_socket</b>(
	
		
		
		
		domain
		
	
	)<br>
</div>
<div id="description">

<h5>Summary</h5>
<p>
Read/Write Raw IP packets from an unlabeled connection.
</p>


<h5>Description</h5>
<p>
</p><p>
Receive Raw IP packets from an unlabeled connection.
</p><p>
</p><p>
The corenetwork interface corenet_raw_recv_unlabeled() should
be used instead of this one.
</p><p>
</p>

<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="65%">
<tr><th >Parameter:</th><th >Description:</th></tr>

<tr><td>
domain
</td><td>
<p>
Domain allowed access.
</p>
</td></tr>

</table>
</div>
</div>

<a name="link_kernel_rw_unlabeled_socket"></a>
<div id="interface">


<div id="codeblock">

<b>kernel_rw_unlabeled_socket</b>(
	
		
		
		
		domain
		
	
	)<br>
</div>
<div id="description">

<h5>Summary</h5>
<p>
Read and write unlabeled sockets.
</p>


<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="65%">
<tr><th >Parameter:</th><th >Description:</th></tr>

<tr><td>
domain
</td><td>
<p>
Domain allowed access.
</p>
</td></tr>

</table>
</div>
</div>

<a name="link_kernel_rw_vm_sysctls"></a>
<div id="interface">


<div id="codeblock">

<b>kernel_rw_vm_sysctls</b>(
	
		
		
		
		domain
		
	
	)<br>
</div>
<div id="description">

<h5>Summary</h5>
<p>
Read and write virtual memory sysctls.
</p>


<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="65%">
<tr><th >Parameter:</th><th >Description:</th></tr>

<tr><td>
domain
</td><td>
<p>
Domain allowed access.
</p>
</td></tr>

</table>
</div>
</div>

<a name="link_kernel_search_debugfs"></a>
<div id="interface">


<div id="codeblock">

<b>kernel_search_debugfs</b>(
	
		
		
		
		domain
		
	
	)<br>
</div>
<div id="description">

<h5>Summary</h5>
<p>
Search the contents of a kernel debugging filesystem.
</p>


<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="65%">
<tr><th >Parameter:</th><th >Description:</th></tr>

<tr><td>
domain
</td><td>
<p>
Domain allowed access.
</p>
</td></tr>

</table>
</div>
</div>

<a name="link_kernel_search_key"></a>
<div id="interface">


<div id="codeblock">

<b>kernel_search_key</b>(
	
		
		
		
		domain
		
	
	)<br>
</div>
<div id="description">

<h5>Summary</h5>
<p>
Allow searching the kernel key ring.
</p>


<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="65%">
<tr><th >Parameter:</th><th >Description:</th></tr>

<tr><td>
domain
</td><td>
<p>
Domain allowed access.
</p>
</td></tr>

</table>
</div>
</div>

<a name="link_kernel_search_network_state"></a>
<div id="interface">


<div id="codeblock">

<b>kernel_search_network_state</b>(
	
		
		
		
		domain
		
	
	)<br>
</div>
<div id="description">

<h5>Summary</h5>
<p>
Allow searching of network state directory.
</p>


<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="65%">
<tr><th >Parameter:</th><th >Description:</th></tr>

<tr><td>
domain
</td><td>
<p>
The process type reading the state.
</p>
</td></tr>

</table>
</div>
</div>

<a name="link_kernel_search_network_sysctl"></a>
<div id="interface">


<div id="codeblock">

<b>kernel_search_network_sysctl</b>(
	
		
		
		
		domain
		
	
	)<br>
</div>
<div id="description">

<h5>Summary</h5>
<p>
Search network sysctl directories.
</p>


<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="65%">
<tr><th >Parameter:</th><th >Description:</th></tr>

<tr><td>
domain
</td><td>
<p>
Domain allowed access.
</p>
</td></tr>

</table>
</div>
</div>

<a name="link_kernel_search_proc"></a>
<div id="interface">


<div id="codeblock">

<b>kernel_search_proc</b>(
	
		
		
		
		domain
		
	
	)<br>
</div>
<div id="description">

<h5>Summary</h5>
<p>
Search directories in /proc.
</p>


<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="65%">
<tr><th >Parameter:</th><th >Description:</th></tr>

<tr><td>
domain
</td><td>
<p>
Domain allowed access.
</p>
</td></tr>

</table>
</div>
</div>

<a name="link_kernel_search_vm_sysctl"></a>
<div id="interface">


<div id="codeblock">

<b>kernel_search_vm_sysctl</b>(
	
		
		
		
		domain
		
	
	)<br>
</div>
<div id="description">

<h5>Summary</h5>
<p>
Allow caller to search virtual memory sysctls.
</p>


<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="65%">
<tr><th >Parameter:</th><th >Description:</th></tr>

<tr><td>
domain
</td><td>
<p>
Domain allowed access.
</p>
</td></tr>

</table>
</div>
</div>

<a name="link_kernel_search_xen_state"></a>
<div id="interface">


<div id="codeblock">

<b>kernel_search_xen_state</b>(
	
		
		
		
		domain
		
	
	)<br>
</div>
<div id="description">

<h5>Summary</h5>
<p>
Allow searching of xen state directory.
</p>


<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="65%">
<tr><th >Parameter:</th><th >Description:</th></tr>

<tr><td>
domain
</td><td>
<p>
The process type reading the state.
</p>
</td></tr>

</table>
</div>
</div>

<a name="link_kernel_sendrecv_unlabeled_association"></a>
<div id="interface">


<div id="codeblock">

<b>kernel_sendrecv_unlabeled_association</b>(
	
		
		
		
		domain
		
	
	)<br>
</div>
<div id="description">

<h5>Summary</h5>
<p>
Send and receive messages from an
unlabeled IPSEC association.
</p>


<h5>Description</h5>
<p>
</p><p>
Send and receive messages from an
unlabeled IPSEC association.  Network
connections that are not protected
by IPSEC use an unlabeled
association.
</p><p>
</p><p>
The corenetwork interface
corenet_non_ipsec_sendrecv() should
be used instead of this one.
</p><p>
</p>

<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="65%">
<tr><th >Parameter:</th><th >Description:</th></tr>

<tr><td>
domain
</td><td>
<p>
Domain allowed access.
</p>
</td></tr>

</table>
</div>
</div>

<a name="link_kernel_sendrecv_unlabeled_packets"></a>
<div id="interface">


<div id="codeblock">

<b>kernel_sendrecv_unlabeled_packets</b>(
	
		
		
		
		domain
		
	
	)<br>
</div>
<div id="description">

<h5>Summary</h5>
<p>
Send and receive unlabeled packets.
</p>


<h5>Description</h5>
<p>
</p><p>
Send and receive unlabeled packets.
These packets do not match any netfilter
SECMARK rules.
</p><p>
</p><p>
The corenetwork interface
corenet_sendrecv_unlabeled_packets() should
be used instead of this one.
</p><p>
</p>

<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="65%">
<tr><th >Parameter:</th><th >Description:</th></tr>

<tr><td>
domain
</td><td>
<p>
Domain allowed access.
</p>
</td></tr>

</table>
</div>
</div>

<a name="link_kernel_setpgid"></a>
<div id="interface">


<div id="codeblock">

<b>kernel_setpgid</b>(
	
		
		
		
		domain
		
	
	)<br>
</div>
<div id="description">

<h5>Summary</h5>
<p>
Set the process group of kernel threads.
</p>


<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="65%">
<tr><th >Parameter:</th><th >Description:</th></tr>

<tr><td>
domain
</td><td>
<p>
Domain allowed access.
</p>
</td></tr>

</table>
</div>
</div>

<a name="link_kernel_setsched"></a>
<div id="interface">


<div id="codeblock">

<b>kernel_setsched</b>(
	
		
		
		
		domain
		
	
	)<br>
</div>
<div id="description">

<h5>Summary</h5>
<p>
Set the priority of kernel threads.
</p>


<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="65%">
<tr><th >Parameter:</th><th >Description:</th></tr>

<tr><td>
domain
</td><td>
<p>
Domain allowed access.
</p>
</td></tr>

</table>
</div>
</div>

<a name="link_kernel_share_state"></a>
<div id="interface">


<div id="codeblock">

<b>kernel_share_state</b>(
	
		
		
		
		domain
		
	
	)<br>
</div>
<div id="description">

<h5>Summary</h5>
<p>
Allows the kernel to share state information with
the caller.
</p>


<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="65%">
<tr><th >Parameter:</th><th >Description:</th></tr>

<tr><td>
domain
</td><td>
<p>
The type of the process with which to share state information.
</p>
</td></tr>

</table>
</div>
</div>

<a name="link_kernel_sigchld"></a>
<div id="interface">


<div id="codeblock">

<b>kernel_sigchld</b>(
	
		
		
		
		domain
		
	
	)<br>
</div>
<div id="description">

<h5>Summary</h5>
<p>
Send a SIGCHLD signal to kernel threads.
</p>


<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="65%">
<tr><th >Parameter:</th><th >Description:</th></tr>

<tr><td>
domain
</td><td>
<p>
The type of the process sending the signal.
</p>
</td></tr>

</table>
</div>
</div>

<a name="link_kernel_sigchld_unlabeled"></a>
<div id="interface">


<div id="codeblock">

<b>kernel_sigchld_unlabeled</b>(
	
		
		
		
		domain
		
	
	)<br>
</div>
<div id="description">

<h5>Summary</h5>
<p>
Send a child terminated signal to unlabeled processes.
</p>


<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="65%">
<tr><th >Parameter:</th><th >Description:</th></tr>

<tr><td>
domain
</td><td>
<p>
Domain allowed access.
</p>
</td></tr>

</table>
</div>
</div>

<a name="link_kernel_signal"></a>
<div id="interface">


<div id="codeblock">

<b>kernel_signal</b>(
	
		
		
		
		domain
		
	
	)<br>
</div>
<div id="description">

<h5>Summary</h5>
<p>
Send a generic signal to kernel threads.
</p>


<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="65%">
<tr><th >Parameter:</th><th >Description:</th></tr>

<tr><td>
domain
</td><td>
<p>
The type of the process sending the signal.
</p>
</td></tr>

</table>
</div>
</div>

<a name="link_kernel_signal_unlabeled"></a>
<div id="interface">


<div id="codeblock">

<b>kernel_signal_unlabeled</b>(
	
		
		
		
		domain
		
	
	)<br>
</div>
<div id="description">

<h5>Summary</h5>
<p>
Send general signals to unlabeled processes.
</p>


<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="65%">
<tr><th >Parameter:</th><th >Description:</th></tr>

<tr><td>
domain
</td><td>
<p>
Domain allowed access.
</p>
</td></tr>

</table>
</div>
</div>

<a name="link_kernel_signull_unlabeled"></a>
<div id="interface">


<div id="codeblock">

<b>kernel_signull_unlabeled</b>(
	
		
		
		
		domain
		
	
	)<br>
</div>
<div id="description">

<h5>Summary</h5>
<p>
Send a null signal to unlabeled processes.
</p>


<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="65%">
<tr><th >Parameter:</th><th >Description:</th></tr>

<tr><td>
domain
</td><td>
<p>
Domain allowed access.
</p>
</td></tr>

</table>
</div>
</div>

<a name="link_kernel_sigstop_unlabeled"></a>
<div id="interface">


<div id="codeblock">

<b>kernel_sigstop_unlabeled</b>(
	
		
		
		
		domain
		
	
	)<br>
</div>
<div id="description">

<h5>Summary</h5>
<p>
Send a stop signal to unlabeled processes.
</p>


<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="65%">
<tr><th >Parameter:</th><th >Description:</th></tr>

<tr><td>
domain
</td><td>
<p>
Domain allowed access.
</p>
</td></tr>

</table>
</div>
</div>

<a name="link_kernel_stream_connect"></a>
<div id="interface">


<div id="codeblock">

<b>kernel_stream_connect</b>(
	
		
		
		
		domain
		
	
	)<br>
</div>
<div id="description">

<h5>Summary</h5>
<p>
Allow the specified domain to connect to
the kernel with a unix socket.
</p>


<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="65%">
<tr><th >Parameter:</th><th >Description:</th></tr>

<tr><td>
domain
</td><td>
<p>
Domain allowed access.
</p>
</td></tr>

</table>
</div>
</div>

<a name="link_kernel_tcp_recvfrom"></a>
<div id="interface">


<div id="codeblock">

<b>kernel_tcp_recvfrom</b>(
	
		
		
		
		domain
		
	
	)<br>
</div>
<div id="description">

<h5>Summary</h5>
<p>
Receive messages from kernel TCP sockets.  (Deprecated)
</p>


<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="65%">
<tr><th >Parameter:</th><th >Description:</th></tr>

<tr><td>
domain
</td><td>
<p>
Domain allowed access.
</p>
</td></tr>

</table>
</div>
</div>

<a name="link_kernel_tcp_recvfrom_unlabeled"></a>
<div id="interface">


<div id="codeblock">

<b>kernel_tcp_recvfrom_unlabeled</b>(
	
		
		
		
		domain
		
	
	)<br>
</div>
<div id="description">

<h5>Summary</h5>
<p>
Receive TCP packets from an unlabeled connection.
</p>


<h5>Description</h5>
<p>
</p><p>
Receive TCP packets from an unlabeled connection.
</p><p>
</p><p>
The corenetwork interface corenet_tcp_recv_unlabeled() should
be used instead of this one.
</p><p>
</p>

<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="65%">
<tr><th >Parameter:</th><th >Description:</th></tr>

<tr><td>
domain
</td><td>
<p>
Domain allowed access.
</p>
</td></tr>

</table>
</div>
</div>

<a name="link_kernel_udp_recvfrom"></a>
<div id="interface">


<div id="codeblock">

<b>kernel_udp_recvfrom</b>(
	
		
		
		
		domain
		
	
	)<br>
</div>
<div id="description">

<h5>Summary</h5>
<p>
Receive messages from kernel UDP sockets.  (Deprecated)
</p>


<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="65%">
<tr><th >Parameter:</th><th >Description:</th></tr>

<tr><td>
domain
</td><td>
<p>
Domain allowed access.
</p>
</td></tr>

</table>
</div>
</div>

<a name="link_kernel_udp_recvfrom_unlabeled"></a>
<div id="interface">


<div id="codeblock">

<b>kernel_udp_recvfrom_unlabeled</b>(
	
		
		
		
		domain
		
	
	)<br>
</div>
<div id="description">

<h5>Summary</h5>
<p>
Receive UDP packets from an unlabeled connection.
</p>


<h5>Description</h5>
<p>
</p><p>
Receive UDP packets from an unlabeled connection.
</p><p>
</p><p>
The corenetwork interface corenet_udp_recv_unlabeled() should
be used instead of this one.
</p><p>
</p>

<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="65%">
<tr><th >Parameter:</th><th >Description:</th></tr>

<tr><td>
domain
</td><td>
<p>
Domain allowed access.
</p>
</td></tr>

</table>
</div>
</div>

<a name="link_kernel_udp_send"></a>
<div id="interface">


<div id="codeblock">

<b>kernel_udp_send</b>(
	
		
		
		
		domain
		
	
	)<br>
</div>
<div id="description">

<h5>Summary</h5>
<p>
Send UDP network traffic to the kernel.  (Deprecated)
</p>


<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="65%">
<tr><th >Parameter:</th><th >Description:</th></tr>

<tr><td>
domain
</td><td>
<p>
Domain allowed access.
</p>
</td></tr>

</table>
</div>
</div>

<a name="link_kernel_unconfined"></a>
<div id="interface">


<div id="codeblock">

<b>kernel_unconfined</b>(
	
		
		
		
		domain
		
	
	)<br>
</div>
<div id="description">

<h5>Summary</h5>
<p>
Unconfined access to kernel module resources.
</p>


<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="65%">
<tr><th >Parameter:</th><th >Description:</th></tr>

<tr><td>
domain
</td><td>
<p>
Domain allowed access.
</p>
</td></tr>

</table>
</div>
</div>

<a name="link_kernel_unmount_debugfs"></a>
<div id="interface">


<div id="codeblock">

<b>kernel_unmount_debugfs</b>(
	
		
		
		
		domain
		
	
	)<br>
</div>
<div id="description">

<h5>Summary</h5>
<p>
Unmount a kernel debugging filesystem.
</p>


<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="65%">
<tr><th >Parameter:</th><th >Description:</th></tr>

<tr><td>
domain
</td><td>
<p>
The type of the domain unmounting the filesystem.
</p>
</td></tr>

</table>
</div>
</div>

<a name="link_kernel_unmount_proc"></a>
<div id="interface">


<div id="codeblock">

<b>kernel_unmount_proc</b>(
	
		
		
		
		domain
		
	
	)<br>
</div>
<div id="description">

<h5>Summary</h5>
<p>
Unmount the proc filesystem.
</p>


<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="65%">
<tr><th >Parameter:</th><th >Description:</th></tr>

<tr><td>
domain
</td><td>
<p>
The type of the domain unmounting the filesystem.
</p>
</td></tr>

</table>
</div>
</div>

<a name="link_kernel_unmount_unlabeled"></a>
<div id="interface">


<div id="codeblock">

<b>kernel_unmount_unlabeled</b>(
	
		
		
		
		domain
		
	
	)<br>
</div>
<div id="description">

<h5>Summary</h5>
<p>
Unmount a kernel unlabeled filesystem.
</p>


<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="65%">
<tr><th >Parameter:</th><th >Description:</th></tr>

<tr><td>
domain
</td><td>
<p>
Domain allowed access.
</p>
</td></tr>

</table>
</div>
</div>

<a name="link_kernel_use_fds"></a>
<div id="interface">


<div id="codeblock">

<b>kernel_use_fds</b>(
	
		
		
		
		domain
		
	
	)<br>
</div>
<div id="description">

<h5>Summary</h5>
<p>
Permits caller to use kernel file descriptors.
</p>


<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="65%">
<tr><th >Parameter:</th><th >Description:</th></tr>

<tr><td>
domain
</td><td>
<p>
The type of the process using the descriptors.
</p>
</td></tr>

</table>
</div>
</div>

<a name="link_kernel_write_proc_files"></a>
<div id="interface">


<div id="codeblock">

<b>kernel_write_proc_files</b>(
	
		
		
		
		domain
		
	
	)<br>
</div>
<div id="description">

<h5>Summary</h5>
<p>
Write to generic proc entries.
</p>


<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="65%">
<tr><th >Parameter:</th><th >Description:</th></tr>

<tr><td>
domain
</td><td>
<p>
Domain allowed access.
</p>
</td></tr>

</table>
</div>
</div>

<a name="link_kernel_write_xen_state"></a>
<div id="interface">


<div id="codeblock">

<b>kernel_write_xen_state</b>(
	
		
		
		
		domain
		
	
	)<br>
</div>
<div id="description">

<h5>Summary</h5>
<p>
Allow caller to write xen state information.
</p>


<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="65%">
<tr><th >Parameter:</th><th >Description:</th></tr>

<tr><td>
domain
</td><td>
<p>
The process type writing the state.
</p>
</td></tr>

</table>
</div>
</div>


<a href=#top>Return</a>




</div>
</body>
</html>