<html> <head> <title> Security Enhanced Linux Reference Policy </title> <style type="text/css" media="all">@import "style.css";</style> </head> <body> <div id="Header">Security Enhanced Linux Reference Policy</div> <div id="Content"> <a name="top":></a> <h1>Layer: system</h1><p/> <h2>Module: userdomain</h2><p/> <a href=#tunables>Tunables</a> <a href=#interfaces>Interfaces</a> <a href=#templates>Templates</a> <h3>Description:</h3> <p><p>Policy for user domains</p></p> <hr> <a name="tunables"></a> <h3>Tunables: </h3> <a name="link_allow_user_mysql_connect"></a> <div id="interface"> <div id="codeblock">allow_user_mysql_connect</div> <div id="description"> <h5>Default value</h5> <p>false</p> <h5>Description</h5> <p> </p><p> Allow users to connect to mysql </p><p> </p> </div></div> <a name="link_allow_user_postgresql_connect"></a> <div id="interface"> <div id="codeblock">allow_user_postgresql_connect</div> <div id="description"> <h5>Default value</h5> <p>false</p> <h5>Description</h5> <p> </p><p> Allow users to connect to PostgreSQL </p><p> </p> </div></div> <a name="link_user_direct_mouse"></a> <div id="interface"> <div id="codeblock">user_direct_mouse</div> <div id="description"> <h5>Default value</h5> <p>false</p> <h5>Description</h5> <p> </p><p> Allow regular users direct mouse access </p><p> </p> </div></div> <a name="link_user_rw_noexattrfile"></a> <div id="interface"> <div id="codeblock">user_rw_noexattrfile</div> <div id="description"> <h5>Default value</h5> <p>false</p> <h5>Description</h5> <p> </p><p> Allow user to r/w files on filesystems that do not have extended 
attributes (FAT, CDROM, FLOPPY) </p><p> </p> </div></div> <a name="link_user_setrlimit"></a> <div id="interface"> <div id="codeblock">user_setrlimit</div> <div id="description"> <h5>Default value</h5> <p>false</p> <h5>Description</h5> <p> </p><p> Allow user processes to change their priority </p><p> </p> </div></div> <a name="link_user_ttyfile_stat"></a> <div id="interface"> <div id="codeblock">user_ttyfile_stat</div> <div id="description"> <h5>Default value</h5> <p>false</p> <h5>Description</h5> <p> </p><p> Allow w to display everyone </p><p> </p> </div></div> <a href=#top>Return</a> <a name="interfaces"></a> <h3>Interfaces: </h3> <a name="link_userdom_admin_home_dir_filetrans"></a> <div id="interface"> <div id="codeblock"> <b>userdom_admin_home_dir_filetrans</b>( domain , private_type , object_class )<br> </div> <div id="description"> <h5>Summary</h5> <p> Create objects in the /root directory with an automatic type transition to a specified private type. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> <tr><td> private_type </td><td> <p> The type of the object to create. </p> </td></tr> <tr><td> object_class </td><td> <p> The class of the object to be created. </p> </td></tr> </table> </div> </div> <a name="link_userdom_append_user_home_content_files"></a> <div id="interface"> <div id="codeblock"> <b>userdom_append_user_home_content_files</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Append files in a user home subdirectory. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. 
</p> </td></tr> </table> </div> </div> <a name="link_userdom_attach_admin_tun_iface"></a> <div id="interface"> <div id="codeblock"> <b>userdom_attach_admin_tun_iface</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Allow domain to attach to TUN devices created by administrative users. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_userdom_basic_networking"></a> <div id="interface"> <div id="codeblock"> <b>userdom_basic_networking</b>( userdomain )<br> </div> <div id="description"> <h5>Summary</h5> <p> The interface allowing the user basic network permissions </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> userdomain </td><td> <p> The user domain </p> </td></tr> </table> </div> </div> <a name="link_userdom_bin_spec_domtrans_unpriv_users"></a> <div id="interface"> <div id="codeblock"> <b>userdom_bin_spec_domtrans_unpriv_users</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Execute bin_t in the unprivileged user domains. This is an explicit transition, requiring the caller to use setexeccon(). </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_userdom_create_all_users_keys"></a> <div id="interface"> <div id="codeblock"> <b>userdom_create_all_users_keys</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Create keys for all user domains. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. 
</p> </td></tr> </table> </div> </div> <a name="link_userdom_create_user_home_dirs"></a> <div id="interface"> <div id="codeblock"> <b>userdom_create_user_home_dirs</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Create user home directories. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_userdom_create_user_pty"></a> <div id="interface"> <div id="codeblock"> <b>userdom_create_user_pty</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Create a user pty. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_userdom_dbus_send_all_users"></a> <div id="interface"> <div id="codeblock"> <b>userdom_dbus_send_all_users</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Send a dbus message to all user domains. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_userdom_delete_user_home_content_dirs"></a> <div id="interface"> <div id="codeblock"> <b>userdom_delete_user_home_content_dirs</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Delete directories in a user home subdirectory. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. 
</p> </td></tr> </table> </div> </div> <a name="link_userdom_delete_user_home_content_files"></a> <div id="interface"> <div id="codeblock"> <b>userdom_delete_user_home_content_files</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Delete files in a user home subdirectory. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_userdom_delete_user_home_content_symlinks"></a> <div id="interface"> <div id="codeblock"> <b>userdom_delete_user_home_content_symlinks</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Delete symbolic links in a user home directory. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_userdom_delete_user_tmp_files"></a> <div id="interface"> <div id="codeblock"> <b>userdom_delete_user_tmp_files</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Delete all users files in /tmp </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_userdom_delete_user_tmpfs_files"></a> <div id="interface"> <div id="codeblock"> <b>userdom_delete_user_tmpfs_files</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Delete user tmpfs files. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. 
</p> </td></tr> </table> </div> </div> <a name="link_userdom_dgram_send"></a> <div id="interface"> <div id="codeblock"> <b>userdom_dgram_send</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Send a message to unpriv users over a unix domain datagram socket. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_userdom_dontaduit_search_user_tmp"></a> <div id="interface"> <div id="codeblock"> <b>userdom_dontaduit_search_user_tmp</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Dontaudit search user temporary directories. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_userdom_dontaudit_append_user_home_content_files"></a> <div id="interface"> <div id="codeblock"> <b>userdom_dontaudit_append_user_home_content_files</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Do not audit attempts to append user home files. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain to not audit. </p> </td></tr> </table> </div> </div> <a name="link_userdom_dontaudit_append_user_tmp_files"></a> <div id="interface"> <div id="codeblock"> <b>userdom_dontaudit_append_user_tmp_files</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Do not audit attempts to append users temporary files. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain to not audit. 
</p> </td></tr> </table> </div> </div> <a name="link_userdom_dontaudit_exec_user_home_content_files"></a> <div id="interface"> <div id="codeblock"> <b>userdom_dontaudit_exec_user_home_content_files</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Do not audit attempts to execute user home files. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_userdom_dontaudit_getattr_admin_home_files"></a> <div id="interface"> <div id="codeblock"> <b>userdom_dontaudit_getattr_admin_home_files</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> dontaudit Search getattr /root files </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_userdom_dontaudit_getattr_user_home_content"></a> <div id="interface"> <div id="codeblock"> <b>userdom_dontaudit_getattr_user_home_content</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Do not audit attempts to getattr user home files. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain to not audit. </p> </td></tr> </table> </div> </div> <a name="link_userdom_dontaudit_getattr_user_home_dirs"></a> <div id="interface"> <div id="codeblock"> <b>userdom_dontaudit_getattr_user_home_dirs</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Do not audit attempts to get the attributes of user home directories. 
</p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_userdom_dontaudit_getattr_user_ttys"></a> <div id="interface"> <div id="codeblock"> <b>userdom_dontaudit_getattr_user_ttys</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Do not audit attempts to get the attributes of a user domain tty. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_userdom_dontaudit_list_admin_dir"></a> <div id="interface"> <div id="codeblock"> <b>userdom_dontaudit_list_admin_dir</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> dontaudit list /root </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_userdom_dontaudit_list_user_home_dirs"></a> <div id="interface"> <div id="codeblock"> <b>userdom_dontaudit_list_user_home_dirs</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Do not audit attempts to list user home subdirectories. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain to not audit </p> </td></tr> </table> </div> </div> <a name="link_userdom_dontaudit_list_user_tmp"></a> <div id="interface"> <div id="codeblock"> <b>userdom_dontaudit_list_user_tmp</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Do not audit attempts to list user temporary directories. 
</p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain to not audit. </p> </td></tr> </table> </div> </div> <a name="link_userdom_dontaudit_manage_user_home_content_dirs"></a> <div id="interface"> <div id="codeblock"> <b>userdom_dontaudit_manage_user_home_content_dirs</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Do not audit attempts to create, read, write, and delete directories in a user home subdirectory. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_userdom_dontaudit_manage_user_tmp_dirs"></a> <div id="interface"> <div id="codeblock"> <b>userdom_dontaudit_manage_user_tmp_dirs</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Do not audit attempts to manage users temporary directories. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain to not audit. </p> </td></tr> </table> </div> </div> <a name="link_userdom_dontaudit_manage_user_tmp_files"></a> <div id="interface"> <div id="codeblock"> <b>userdom_dontaudit_manage_user_tmp_files</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Do not audit attempts to manage users temporary files. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain to not audit. 
</p> </td></tr> </table> </div> </div> <a name="link_userdom_dontaudit_read_admin_home_files"></a> <div id="interface"> <div id="codeblock"> <b>userdom_dontaudit_read_admin_home_files</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Read admin home files. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_userdom_dontaudit_read_admin_home_lnk_files"></a> <div id="interface"> <div id="codeblock"> <b>userdom_dontaudit_read_admin_home_lnk_files</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> dontaudit read /root lnk files </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_userdom_dontaudit_read_user_home_content_files"></a> <div id="interface"> <div id="codeblock"> <b>userdom_dontaudit_read_user_home_content_files</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Do not audit attempts to read user home files. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain to not audit. </p> </td></tr> </table> </div> </div> <a name="link_userdom_dontaudit_read_user_tmp_files"></a> <div id="interface"> <div id="codeblock"> <b>userdom_dontaudit_read_user_tmp_files</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Do not audit attempts to read users temporary files. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain to not audit. 
</p> </td></tr> </table> </div> </div> <a name="link_userdom_dontaudit_relabel_user_home_content_files"></a> <div id="interface"> <div id="codeblock"> <b>userdom_dontaudit_relabel_user_home_content_files</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Do not audit attempts to write user home files. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain to not audit. </p> </td></tr> </table> </div> </div> <a name="link_userdom_dontaudit_relabelfrom_user_ptys"></a> <div id="interface"> <div id="codeblock"> <b>userdom_dontaudit_relabelfrom_user_ptys</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Do not audit attempts to relabel files from user pty types. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_userdom_dontaudit_rw_stream"></a> <div id="interface"> <div id="codeblock"> <b>userdom_dontaudit_rw_stream</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Do not audit attempts to read and write userdomain stream. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain to not audit. </p> </td></tr> </table> </div> </div> <a name="link_userdom_dontaudit_search_admin_dir"></a> <div id="interface"> <div id="codeblock"> <b>userdom_dontaudit_search_admin_dir</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> dontaudit Search /root </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. 
</p> </td></tr> </table> </div> </div> <a name="link_userdom_dontaudit_search_user_home_content"></a> <div id="interface"> <div id="codeblock"> <b>userdom_dontaudit_search_user_home_content</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Do not audit attempts to search user home content directories. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain to not audit </p> </td></tr> </table> </div> </div> <a name="link_userdom_dontaudit_search_user_home_dirs"></a> <div id="interface"> <div id="codeblock"> <b>userdom_dontaudit_search_user_home_dirs</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Do not audit attempts to search user home directories. </p> <h5>Description</h5> <p> </p><p> Do not audit attempts to search user home directories. This will suppress SELinux denial messages when the specified domain is denied the permission to search these directories. </p><p> </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain to not audit. </p> </td></tr> </table> </div> </div> <a name="link_userdom_dontaudit_search_user_tmp"></a> <div id="interface"> <div id="codeblock"> <b>userdom_dontaudit_search_user_tmp</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Do not audit attempts to search user temporary directories. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain to not audit. 
</p> </td></tr> </table> </div> </div> <a name="link_userdom_dontaudit_setattr_user_home_content_files"></a> <div id="interface"> <div id="codeblock"> <b>userdom_dontaudit_setattr_user_home_content_files</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Do not audit attempts to set the attributes of user home files. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_userdom_dontaudit_setattr_user_ttys"></a> <div id="interface"> <div id="codeblock"> <b>userdom_dontaudit_setattr_user_ttys</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Do not audit attempts to set the attributes of a user domain tty. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_userdom_dontaudit_use_all_users_fds"></a> <div id="interface"> <div id="codeblock"> <b>userdom_dontaudit_use_all_users_fds</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Do not audit attempts to inherit the file descriptors from any user domains. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain to not audit. </p> </td></tr> </table> </div> </div> <a name="link_userdom_dontaudit_use_unpriv_user_fds"></a> <div id="interface"> <div id="codeblock"> <b>userdom_dontaudit_use_unpriv_user_fds</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Do not audit attempts to inherit the file descriptors from unprivileged user domains. 
</p> <h5>Description</h5> <p> </p><p> Do not audit attempts to inherit the file descriptors from unprivileged user domains. This will suppress SELinux denial messages when the specified domain is denied the permission to inherit these file descriptors. </p><p> </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain to not audit. </p> </td></tr> </table> </div> </div> <a name="link_userdom_dontaudit_use_user_ptys"></a> <div id="interface"> <div id="codeblock"> <b>userdom_dontaudit_use_user_ptys</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Do not audit attempts to use user ptys. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain to not audit. </p> </td></tr> </table> </div> </div> <a name="link_userdom_dontaudit_use_user_terminals"></a> <div id="interface"> <div id="codeblock"> <b>userdom_dontaudit_use_user_terminals</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Do not audit attempts to read and write a user domain tty and pty. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_userdom_dontaudit_use_user_ttys"></a> <div id="interface"> <div id="codeblock"> <b>userdom_dontaudit_use_user_ttys</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Do not audit attempts to use user ttys. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. 
</p> </td></tr> </table> </div> </div> <a name="link_userdom_dontaudit_write_admin_dir"></a> <div id="interface"> <div id="codeblock"> <b>userdom_dontaudit_write_admin_dir</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> dontaudit write /root </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_userdom_dontaudit_write_user_home_content_files"></a> <div id="interface"> <div id="codeblock"> <b>userdom_dontaudit_write_user_home_content_files</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Do not audit attempts to write user home files. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain to not audit. </p> </td></tr> </table> </div> </div> <a name="link_userdom_dontaudit_write_user_tmp_files"></a> <div id="interface"> <div id="codeblock"> <b>userdom_dontaudit_write_user_tmp_files</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Do not audit attempts to write users temporary files. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain to not audit. </p> </td></tr> </table> </div> </div> <a name="link_userdom_entry_spec_domtrans_unpriv_users"></a> <div id="interface"> <div id="codeblock"> <b>userdom_entry_spec_domtrans_unpriv_users</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Execute all entrypoint files in unprivileged user domains. This is an explicit transition, requiring the caller to use setexeccon(). 
</p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_userdom_exec_admin_home_files"></a> <div id="interface"> <div id="codeblock"> <b>userdom_exec_admin_home_files</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Execute admin home files. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_userdom_exec_user_bin_files"></a> <div id="interface"> <div id="codeblock"> <b>userdom_exec_user_bin_files</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Execute user bin files. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_userdom_exec_user_home_content_files"></a> <div id="interface"> <div id="codeblock"> <b>userdom_exec_user_home_content_files</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Execute user home files. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_userdom_exec_user_tmp_files"></a> <div id="interface"> <div id="codeblock"> <b>userdom_exec_user_tmp_files</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Execute user temporary files. 
</p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_userdom_execmod_user_home_files"></a> <div id="interface"> <div id="codeblock"> <b>userdom_execmod_user_home_files</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Allow execmod on files in homedirectory </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_userdom_getattr_all_users"></a> <div id="interface"> <div id="codeblock"> <b>userdom_getattr_all_users</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Get the attributes of all user domains. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_userdom_getattr_user_home_dirs"></a> <div id="interface"> <div id="codeblock"> <b>userdom_getattr_user_home_dirs</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Get the attributes of user home directories. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_userdom_getattr_user_ttys"></a> <div id="interface"> <div id="codeblock"> <b>userdom_getattr_user_ttys</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Get the attributes of a user domain tty. 
</p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_userdom_home_filetrans_user_home_dir"></a> <div id="interface"> <div id="codeblock"> <b>userdom_home_filetrans_user_home_dir</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Create directories in the home dir root with the user home directory type. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_userdom_inherit_append_admin_home_files"></a> <div id="interface"> <div id="codeblock"> <b>userdom_inherit_append_admin_home_files</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Append files inherited in the /root directory. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_userdom_inherit_append_user_home_content_files"></a> <div id="interface"> <div id="codeblock"> <b>userdom_inherit_append_user_home_content_files</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Append files inherited in a user home subdirectory. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. 
</p> </td></tr> </table> </div> </div> <a name="link_userdom_inherit_append_user_tmp_files"></a> <div id="interface"> <div id="codeblock"> <b>userdom_inherit_append_user_tmp_files</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Append inherited user tmp files. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_userdom_list_admin_dir"></a> <div id="interface"> <div id="codeblock"> <b>userdom_list_admin_dir</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Allow domain to list /root </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_userdom_list_user_home_content"></a> <div id="interface"> <div id="codeblock"> <b>userdom_list_user_home_content</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> List contents of users home directory. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_userdom_list_user_home_dirs"></a> <div id="interface"> <div id="codeblock"> <b>userdom_list_user_home_dirs</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> List user home directories. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. 
</p> </td></tr> </table> </div> </div> <a name="link_userdom_list_user_tmp"></a> <div id="interface"> <div id="codeblock"> <b>userdom_list_user_tmp</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> List user temporary directories. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_userdom_manage_all_users_keys"></a> <div id="interface"> <div id="codeblock"> <b>userdom_manage_all_users_keys</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Manage keys for all user domains. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_userdom_manage_home_role"></a> <div id="interface"> <div id="codeblock"> <b>userdom_manage_home_role</b>( role , userdomain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Allow a home directory for which the role has full access. </p> <h5>Description</h5> <p> </p><p> Allow a home directory for which the role has full access. </p><p> </p><p> This does not allow execute access. 
</p><p> </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> role </td><td> <p> The user role </p> </td></tr> <tr><td> userdomain </td><td> <p> The user domain </p> </td></tr> </table> </div> </div> <a name="link_userdom_manage_tmp_role"></a> <div id="interface"> <div id="codeblock"> <b>userdom_manage_tmp_role</b>( role , domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Manage user temporary files </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> role </td><td> <p> Role allowed access. </p> </td></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_userdom_manage_tmpfs_role"></a> <div id="interface"> <div id="codeblock"> <b>userdom_manage_tmpfs_role</b>( role , domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Role access for the user tmpfs type that the user has full access. </p> <h5>Description</h5> <p> </p><p> Role access for the user tmpfs type that the user has full access. </p><p> </p><p> This does not allow execute access. </p><p> </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> role </td><td> <p> Role allowed access. </p> </td></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_userdom_manage_unpriv_user_semaphores"></a> <div id="interface"> <div id="codeblock"> <b>userdom_manage_unpriv_user_semaphores</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Manage unprivileged user SysV semaphores. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. 
</p> </td></tr> </table> </div> </div> <a name="link_userdom_manage_unpriv_user_shared_mem"></a> <div id="interface"> <div id="codeblock"> <b>userdom_manage_unpriv_user_shared_mem</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Manage unprivileged user SysV shared memory segments. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_userdom_manage_user_home_content"></a> <div id="interface"> <div id="codeblock"> <b>userdom_manage_user_home_content</b>( userdomain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Manage all files/directories in the homedir </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> userdomain </td><td> <p> The user domain </p> </td></tr> </table> </div> </div> <a name="link_userdom_manage_user_home_content_dirs"></a> <div id="interface"> <div id="codeblock"> <b>userdom_manage_user_home_content_dirs</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Create, read, write, and delete directories in a user home subdirectory. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_userdom_manage_user_home_content_files"></a> <div id="interface"> <div id="codeblock"> <b>userdom_manage_user_home_content_files</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Create, read, write, and delete files in a user home subdirectory. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. 
</p> </td></tr> </table> </div> </div> <a name="link_userdom_manage_user_home_content_pipes"></a> <div id="interface"> <div id="codeblock"> <b>userdom_manage_user_home_content_pipes</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Create, read, write, and delete named pipes in a user home subdirectory. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_userdom_manage_user_home_content_sockets"></a> <div id="interface"> <div id="codeblock"> <b>userdom_manage_user_home_content_sockets</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Create, read, write, and delete named sockets in a user home subdirectory. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_userdom_manage_user_home_content_symlinks"></a> <div id="interface"> <div id="codeblock"> <b>userdom_manage_user_home_content_symlinks</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Create, read, write, and delete symbolic links in a user home subdirectory. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_userdom_manage_user_home_dirs"></a> <div id="interface"> <div id="codeblock"> <b>userdom_manage_user_home_dirs</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Create user home directories. 
</p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_userdom_manage_user_tmp_blk_files"></a> <div id="interface"> <div id="codeblock"> <b>userdom_manage_user_tmp_blk_files</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Create, read, write, and delete user temporary blk files. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_userdom_manage_user_tmp_chr_files"></a> <div id="interface"> <div id="codeblock"> <b>userdom_manage_user_tmp_chr_files</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Create, read, write, and delete user temporary chr files. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_userdom_manage_user_tmp_dirs"></a> <div id="interface"> <div id="codeblock"> <b>userdom_manage_user_tmp_dirs</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Create, read, write, and delete user temporary directories. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_userdom_manage_user_tmp_files"></a> <div id="interface"> <div id="codeblock"> <b>userdom_manage_user_tmp_files</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Create, read, write, and delete user temporary files. 
</p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_userdom_manage_user_tmp_pipes"></a> <div id="interface"> <div id="codeblock"> <b>userdom_manage_user_tmp_pipes</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Create, read, write, and delete user temporary named pipes. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_userdom_manage_user_tmp_sockets"></a> <div id="interface"> <div id="codeblock"> <b>userdom_manage_user_tmp_sockets</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Create, read, write, and delete user temporary named sockets. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_userdom_manage_user_tmp_symlinks"></a> <div id="interface"> <div id="codeblock"> <b>userdom_manage_user_tmp_symlinks</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Create, read, write, and delete user temporary symbolic links. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_userdom_mmap_user_home_content_files"></a> <div id="interface"> <div id="codeblock"> <b>userdom_mmap_user_home_content_files</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Mmap user home files. 
</p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_userdom_ptrace_all_users"></a> <div id="interface"> <div id="codeblock"> <b>userdom_ptrace_all_users</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Ptrace user domains. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_userdom_read_admin_home_files"></a> <div id="interface"> <div id="codeblock"> <b>userdom_read_admin_home_files</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Read admin home files. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_userdom_read_all_users_state"></a> <div id="interface"> <div id="codeblock"> <b>userdom_read_all_users_state</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Read the process state of all user domains. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_userdom_read_home_audio_files"></a> <div id="interface"> <div id="codeblock"> <b>userdom_read_home_audio_files</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Read audio files in the users homedir. 
</p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_userdom_read_home_certs"></a> <div id="interface"> <div id="codeblock"> <b>userdom_read_home_certs</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Read system SSL certificates in the users homedir. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_userdom_read_inherited_user_home_content_files"></a> <div id="interface"> <div id="codeblock"> <b>userdom_read_inherited_user_home_content_files</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Read files inherited in a user home subdirectory. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_userdom_read_user_home_content_files"></a> <div id="interface"> <div id="codeblock"> <b>userdom_read_user_home_content_files</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Read user home files. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_userdom_read_user_home_content_symlinks"></a> <div id="interface"> <div id="codeblock"> <b>userdom_read_user_home_content_symlinks</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Read user home subdirectory symbolic links. 
</p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_userdom_read_user_tmp_files"></a> <div id="interface"> <div id="codeblock"> <b>userdom_read_user_tmp_files</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Read user temporary files. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_userdom_read_user_tmp_symlinks"></a> <div id="interface"> <div id="codeblock"> <b>userdom_read_user_tmp_symlinks</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Read user temporary symbolic links. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_userdom_read_user_tmpfs_files"></a> <div id="interface"> <div id="codeblock"> <b>userdom_read_user_tmpfs_files</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Read user tmpfs files. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_userdom_relabel_user_home_files"></a> <div id="interface"> <div id="codeblock"> <b>userdom_relabel_user_home_files</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Relabel user home files. 
</p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_userdom_relabelto_user_home_dirs"></a> <div id="interface"> <div id="codeblock"> <b>userdom_relabelto_user_home_dirs</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Relabel to user home directories. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_userdom_relabelto_user_home_files"></a> <div id="interface"> <div id="codeblock"> <b>userdom_relabelto_user_home_files</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Relabel to user home files. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_userdom_relabelto_user_ptys"></a> <div id="interface"> <div id="codeblock"> <b>userdom_relabelto_user_ptys</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Relabel files to unprivileged user pty types. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_userdom_ro_home_role"></a> <div id="interface"> <div id="codeblock"> <b>userdom_ro_home_role</b>( role , userdomain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Allow a home directory for which the role has read-only access. </p> <h5>Description</h5> <p> </p><p> Allow a home directory for which the role has read-only access. 
</p><p> </p><p> This does not allow execute access. </p><p> </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> role </td><td> <p> The user role </p> </td></tr> <tr><td> userdomain </td><td> <p> The user domain </p> </td></tr> </table> </div> </div> <a name="link_userdom_rw_semaphores"></a> <div id="interface"> <div id="codeblock"> <b>userdom_rw_semaphores</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Read and write unprivileged user SysV semaphores. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_userdom_rw_unpriv_user_shared_mem"></a> <div id="interface"> <div id="codeblock"> <b>userdom_rw_unpriv_user_shared_mem</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Read/Write unprivileged user SysV shared memory segments. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_userdom_rw_user_tmp_files"></a> <div id="interface"> <div id="codeblock"> <b>userdom_rw_user_tmp_files</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Read and write user temporary files. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_userdom_rw_user_tmpfs_files"></a> <div id="interface"> <div id="codeblock"> <b>userdom_rw_user_tmpfs_files</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Read/Write user tmpfs files. 
</p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_userdom_search_admin_dir"></a> <div id="interface"> <div id="codeblock"> <b>userdom_search_admin_dir</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Allow domain to search /root </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_userdom_search_user_home_content"></a> <div id="interface"> <div id="codeblock"> <b>userdom_search_user_home_content</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Search users home directories. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_userdom_search_user_home_dirs"></a> <div id="interface"> <div id="codeblock"> <b>userdom_search_user_home_dirs</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Search user home directories. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_userdom_set_rlimitnh"></a> <div id="interface"> <div id="codeblock"> <b>userdom_set_rlimitnh</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Allow apps to set rlimits on userdomain </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. 
</p> </td></tr> </table> </div> </div> <a name="link_userdom_setattr_user_home_content_files"></a> <div id="interface"> <div id="codeblock"> <b>userdom_setattr_user_home_content_files</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Set the attributes of user home files. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_userdom_setattr_user_ptys"></a> <div id="interface"> <div id="codeblock"> <b>userdom_setattr_user_ptys</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Set the attributes of a user pty. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_userdom_setattr_user_ttys"></a> <div id="interface"> <div id="codeblock"> <b>userdom_setattr_user_ttys</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Set the attributes of a user domain tty. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_userdom_sigchld_all_users"></a> <div id="interface"> <div id="codeblock"> <b>userdom_sigchld_all_users</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Send a SIGCHLD signal to all user domains. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. 
</p> </td></tr> </table> </div> </div> <a name="link_userdom_signal_all_users"></a> <div id="interface"> <div id="codeblock"> <b>userdom_signal_all_users</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Send general signals to all user domains. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_userdom_signal_unpriv_users"></a> <div id="interface"> <div id="codeblock"> <b>userdom_signal_unpriv_users</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Send general signals to unprivileged user domains. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_userdom_signull_unpriv_users"></a> <div id="interface"> <div id="codeblock"> <b>userdom_signull_unpriv_users</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Send signull to unprivileged user domains. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_userdom_spec_domtrans_all_users"></a> <div id="interface"> <div id="codeblock"> <b>userdom_spec_domtrans_all_users</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Execute a shell in all user domains. This is an explicit transition, requiring the caller to use setexeccon(). </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. 
</p> </td></tr> </table> </div> </div> <a name="link_userdom_spec_domtrans_unpriv_users"></a> <div id="interface"> <div id="codeblock"> <b>userdom_spec_domtrans_unpriv_users</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Execute a shell in all unprivileged user domains. This is an explicit transition, requiring the caller to use setexeccon(). </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_userdom_stream_connect"></a> <div id="interface"> <div id="codeblock"> <b>userdom_stream_connect</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Connect to users over a unix stream socket. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_userdom_tmp_filetrans_user_tmp"></a> <div id="interface"> <div id="codeblock"> <b>userdom_tmp_filetrans_user_tmp</b>( domain , object_class )<br> </div> <div id="description"> <h5>Summary</h5> <p> Create objects in the temporary directory with an automatic type transition to the user temporary type. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> <tr><td> object_class </td><td> <p> The class of the object to be created. 
</p> </td></tr> </table> </div> </div> <a name="link_userdom_use_all_users_fds"></a> <div id="interface"> <div id="codeblock"> <b>userdom_use_all_users_fds</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Inherit the file descriptors from all user domains </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_userdom_use_unpriv_users_fds"></a> <div id="interface"> <div id="codeblock"> <b>userdom_use_unpriv_users_fds</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Inherit the file descriptors from unprivileged user domains. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_userdom_use_user_ptys"></a> <div id="interface"> <div id="codeblock"> <b>userdom_use_user_ptys</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Read and write a user domain pty. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_userdom_use_user_terminals"></a> <div id="interface"> <div id="codeblock"> <b>userdom_use_user_terminals</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Read and write user TTYs and PTYs. </p> <h5>Description</h5> <p> </p><p> Allow the specified domain to read and write user TTYs and PTYs. This will allow the domain to interact with the user via the terminal. Typically all interactive applications will require this access. 
</p><p> </p><p> However, this also allows the applications to spy on user sessions or inject information into the user session. Thus, this access should likely not be allowed for non-interactive domains. </p><p> </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_userdom_use_user_ttys"></a> <div id="interface"> <div id="codeblock"> <b>userdom_use_user_ttys</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Read and write a user domain tty. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_userdom_user_home_content"></a> <div id="interface"> <div id="codeblock"> <b>userdom_user_home_content</b>( type )<br> </div> <div id="description"> <h5>Summary</h5> <p> Make the specified type usable in a user home directory. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> type </td><td> <p> Type to be used as a file in the user home directory. </p> </td></tr> </table> </div> </div> <a name="link_userdom_user_home_content_filetrans"></a> <div id="interface"> <div id="codeblock"> <b>userdom_user_home_content_filetrans</b>( domain , private_type , object_class )<br> </div> <div id="description"> <h5>Summary</h5> <p> Create objects in a user home directory with an automatic type transition to a specified private type. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. 
</p> </td></tr> <tr><td> private_type </td><td> <p> The type of the object to create. </p> </td></tr> <tr><td> object_class </td><td> <p> The class of the object to be created. </p> </td></tr> </table> </div> </div> <a name="link_userdom_user_home_dir_filetrans"></a> <div id="interface"> <div id="codeblock"> <b>userdom_user_home_dir_filetrans</b>( domain , private_type , object_class )<br> </div> <div id="description"> <h5>Summary</h5> <p> Create objects in a user home directory with an automatic type transition to a specified private type. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> <tr><td> private_type </td><td> <p> The type of the object to create. </p> </td></tr> <tr><td> object_class </td><td> <p> The class of the object to be created. </p> </td></tr> </table> </div> </div> <a name="link_userdom_user_home_dir_filetrans_pattern"></a> <div id="interface"> <div id="codeblock"> <b>userdom_user_home_dir_filetrans_pattern</b>( domain , object_class )<br> </div> <div id="description"> <h5>Summary</h5> <p> Create objects in a user home directory with an automatic type transition to the user home file type. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> <tr><td> object_class </td><td> <p> The class of the object to be created. </p> </td></tr> </table> </div> </div> <a name="link_userdom_user_home_dir_filetrans_user_home_content"></a> <div id="interface"> <div id="codeblock"> <b>userdom_user_home_dir_filetrans_user_home_content</b>( domain , object_class )<br> </div> <div id="description"> <h5>Summary</h5> <p> Create objects in a user home directory with an automatic type transition to the user home file type. 
</p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> <tr><td> object_class </td><td> <p> The class of the object to be created. </p> </td></tr> </table> </div> </div> <a name="link_userdom_user_home_domtrans"></a> <div id="interface"> <div id="codeblock"> <b>userdom_user_home_domtrans</b>( source_domain , target_domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Do a domain transition to the specified domain when executing a program in the user home directory. </p> <h5>Description</h5> <p> </p><p> Do a domain transition to the specified domain when executing a program in the user home directory. </p><p> </p><p> No interprocess communication (signals, pipes, etc.) is provided by this interface since the domains are not owned by this module. </p><p> </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> source_domain </td><td> <p> Domain allowed access. </p> </td></tr> <tr><td> target_domain </td><td> <p> Domain to transition to. </p> </td></tr> </table> </div> </div> <a name="link_userdom_user_tmp_filetrans"></a> <div id="interface"> <div id="codeblock"> <b>userdom_user_tmp_filetrans</b>( domain , private_type , object_class )<br> </div> <div id="description"> <h5>Summary</h5> <p> Create objects in a user temporary directory with an automatic type transition to a specified private type. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> <tr><td> private_type </td><td> <p> The type of the object to create. </p> </td></tr> <tr><td> object_class </td><td> <p> The class of the object to be created. 
</p> </td></tr> </table> </div> </div> <a name="link_userdom_users_dgram_send"></a> <div id="interface"> <div id="codeblock"> <b>userdom_users_dgram_send</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Send a message to users over a unix domain datagram socket. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_userdom_write_inherited_user_tmp_files"></a> <div id="interface"> <div id="codeblock"> <b>userdom_write_inherited_user_tmp_files</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Write all inherited users' files in /tmp. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_userdom_write_user_tmp_dirs"></a> <div id="interface"> <div id="codeblock"> <b>userdom_write_user_tmp_dirs</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Write all users' files in /tmp. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_userdom_write_user_tmp_files"></a> <div id="interface"> <div id="codeblock"> <b>userdom_write_user_tmp_files</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Write all users' files in /tmp. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. 
</p> </td></tr> </table> </div> </div> <a name="link_userdom_write_user_tmp_sockets"></a> <div id="interface"> <div id="codeblock"> <b>userdom_write_user_tmp_sockets</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Write to user temporary named sockets. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_userdom_xsession_spec_domtrans_all_users"></a> <div id="interface"> <div id="codeblock"> <b>userdom_xsession_spec_domtrans_all_users</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Execute an Xserver session in all unprivileged user domains. This is an explicit transition, requiring the caller to use setexeccon(). </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_userdom_xsession_spec_domtrans_unpriv_users"></a> <div id="interface"> <div id="codeblock"> <b>userdom_xsession_spec_domtrans_unpriv_users</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Execute an Xserver session in all unprivileged user domains. This is an explicit transition, requiring the caller to use setexeccon(). </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a href=#top>Return</a> <a name="templates"></a> <h3>Templates: </h3> <a name="link_userdom_admin_user_template"></a> <div id="template"> <div id="codeblock"> <b>userdom_admin_user_template</b>( userdomain_prefix )<br> </div> <div id="description"> <h5>Summary</h5> <p> The template for creating an administrative user. 
</p> <h5>Description</h5> <p> </p><p> This template creates a user domain, types, and rules for the user's tty, pty, home directories, tmp, and tmpfs files. </p><p> </p><p> The privileges given to administrative users are: <ul><p> </p><li><p>Raw disk access</p></li><p> </p><li><p>Set all sysctls</p></li><p> </p><li><p>All kernel ring buffer controls</p></li><p> </p><li><p>Create, read, write, and delete all files but shadow</p></li><p> </p><li><p>Manage source and binary format SELinux policy</p></li><p> </p><li><p>Run insmod</p></li><p> </p></ul> </p><p> </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> userdomain_prefix </td><td> <p> The prefix of the user domain (e.g., sysadm is the prefix for sysadm_t). </p> </td></tr> </table> </div> </div> <a name="link_userdom_base_user_template"></a> <div id="template"> <div id="codeblock"> <b>userdom_base_user_template</b>( userdomain_prefix )<br> </div> <div id="description"> <h5>Summary</h5> <p> The template containing the most basic rules common to all users. </p> <h5>Description</h5> <p> </p><p> The template containing the most basic rules common to all users. </p><p> </p><p> This template creates a user domain, types, and rules for the user's tty and pty. </p><p> </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> userdomain_prefix </td><td> <p> The prefix of the user domain (e.g., user is the prefix for user_t). </p> </td></tr> </table> </div> </div> <a name="link_userdom_change_password_template"></a> <div id="template"> <div id="codeblock"> <b>userdom_change_password_template</b>( userdomain_prefix )<br> </div> <div id="description"> <h5>Summary</h5> <p> The template for allowing the user to change passwords. 
</p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> userdomain_prefix </td><td> <p> The prefix of the user domain (e.g., user is the prefix for user_t). </p> </td></tr> </table> </div> </div> <a name="link_userdom_common_user_template"></a> <div id="template"> <div id="codeblock"> <b>userdom_common_user_template</b>( userdomain_prefix )<br> </div> <div id="description"> <h5>Summary</h5> <p> The template containing rules common to unprivileged users and administrative users. </p> <h5>Description</h5> <p> </p><p> This template creates a user domain, types, and rules for the user's tty, pty, tmp, and tmpfs files. </p><p> </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> userdomain_prefix </td><td> <p> The prefix of the user domain (e.g., user is the prefix for user_t). </p> </td></tr> </table> </div> </div> <a name="link_userdom_login_user_template"></a> <div id="template"> <div id="codeblock"> <b>userdom_login_user_template</b>( userdomain_prefix )<br> </div> <div id="description"> <h5>Summary</h5> <p> The template for creating a login user. </p> <h5>Description</h5> <p> </p><p> This template creates a user domain, types, and rules for the user's tty, pty, home directories, tmp, and tmpfs files. </p><p> </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> userdomain_prefix </td><td> <p> The prefix of the user domain (e.g., user is the prefix for user_t). </p> </td></tr> </table> </div> </div> <a name="link_userdom_restricted_user_template"></a> <div id="template"> <div id="codeblock"> <b>userdom_restricted_user_template</b>( userdomain_prefix )<br> </div> <div id="description"> <h5>Summary</h5> <p> The template for creating an unprivileged login user. 
</p> <h5>Description</h5> <p> </p><p> This template creates a user domain, types, and rules for the user's tty, pty, home directories, tmp, and tmpfs files. </p><p> </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> userdomain_prefix </td><td> <p> The prefix of the user domain (e.g., user is the prefix for user_t). </p> </td></tr> </table> </div> </div> <a name="link_userdom_restricted_xwindows_user_template"></a> <div id="template"> <div id="codeblock"> <b>userdom_restricted_xwindows_user_template</b>( userdomain_prefix )<br> </div> <div id="description"> <h5>Summary</h5> <p> The template for creating an unprivileged xwindows login user. </p> <h5>Description</h5> <p> </p><p> The template for creating an unprivileged xwindows login user. </p><p> </p><p> This template creates a user domain, types, and rules for the user's tty, pty, home directories, tmp, and tmpfs files. </p><p> </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> userdomain_prefix </td><td> <p> The prefix of the user domain (e.g., user is the prefix for user_t). </p> </td></tr> </table> </div> </div> <a name="link_userdom_security_admin_template"></a> <div id="template"> <div id="codeblock"> <b>userdom_security_admin_template</b>( domain , role )<br> </div> <div id="description"> <h5>Summary</h5> <p> Allow user to run as a secadm </p> <h5>Description</h5> <p> </p><p> Create objects in a user home directory with an automatic type transition to a specified private type. </p><p> </p><p> This is a templated interface, and should only be called from a per-userdomain template. </p><p> </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. 
</p> </td></tr> <tr><td> role </td><td> <p> The role of the object to create. </p> </td></tr> </table> </div> </div> <a name="link_userdom_unpriv_user_template"></a> <div id="template"> <div id="codeblock"> <b>userdom_unpriv_user_template</b>( userdomain_prefix )<br> </div> <div id="description"> <h5>Summary</h5> <p> The template for creating an unprivileged user roughly equivalent to a regular Linux user. </p> <h5>Description</h5> <p> </p><p> The template for creating an unprivileged user roughly equivalent to a regular Linux user. </p><p> </p><p> This template creates a user domain, types, and rules for the user's tty, pty, home directories, tmp, and tmpfs files. </p><p> </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> userdomain_prefix </td><td> <p> The prefix of the user domain (e.g., user is the prefix for user_t). </p> </td></tr> </table> </div> </div> <a name="link_userdom_unpriv_usertype"></a> <div id="template"> <div id="codeblock"> <b>userdom_unpriv_usertype</b>( domain , userdomain_prefix , domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Define this type as a Allow apps to set rlimits on userdomain </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> <tr><td> userdomain_prefix </td><td> <p> The prefix of the user domain (e.g., user is the prefix for user_t). </p> </td></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_userdom_xwindows_client_template"></a> <div id="template"> <div id="codeblock"> <b>userdom_xwindows_client_template</b>( userdomain_prefix )<br> </div> <div id="description"> <h5>Summary</h5> <p> The template for creating a user xwindows client. 
(Deprecated) </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> userdomain_prefix </td><td> <p> The prefix of the user domain (e.g., user is the prefix for user_t). </p> </td></tr> </table> </div> </div> <a href=#top>Return</a> </div> </body> </html>