<html> <head> <title> Security Enhanced Linux Reference Policy </title> <style type="text/css" media="all">@import "style.css";</style> </head> <body> <div id="Header">Security Enhanced Linux Reference Policy</div> <div id='Menu'> <a href="admin.html">+ admin</a></br/> <div id='subitem'> </div> <a href="apps.html">+ apps</a></br/> <div id='subitem'> - <a href='apps_ada.html'> ada</a><br/> - <a href='apps_authbind.html'> authbind</a><br/> - <a href='apps_awstats.html'> awstats</a><br/> - <a href='apps_calamaris.html'> calamaris</a><br/> - <a href='apps_cdrecord.html'> cdrecord</a><br/> - <a href='apps_chrome.html'> chrome</a><br/> - <a href='apps_cpufreqselector.html'> cpufreqselector</a><br/> - <a href='apps_ethereal.html'> ethereal</a><br/> - <a href='apps_evolution.html'> evolution</a><br/> - <a href='apps_execmem.html'> execmem</a><br/> - <a href='apps_firewallgui.html'> firewallgui</a><br/> - <a href='apps_games.html'> games</a><br/> - <a href='apps_gift.html'> gift</a><br/> - <a href='apps_gitosis.html'> gitosis</a><br/> - <a href='apps_gnome.html'> gnome</a><br/> - <a href='apps_gpg.html'> gpg</a><br/> - <a href='apps_irc.html'> irc</a><br/> - <a href='apps_java.html'> java</a><br/> - <a href='apps_kdumpgui.html'> kdumpgui</a><br/> - <a href='apps_livecd.html'> livecd</a><br/> - <a href='apps_loadkeys.html'> loadkeys</a><br/> - <a href='apps_lockdev.html'> lockdev</a><br/> - <a href='apps_mediawiki.html'> mediawiki</a><br/> - <a href='apps_mono.html'> mono</a><br/> - <a href='apps_mozilla.html'> mozilla</a><br/> - <a href='apps_mplayer.html'> mplayer</a><br/> - <a href='apps_namespace.html'> namespace</a><br/> - <a href='apps_nsplugin.html'> nsplugin</a><br/> - <a href='apps_openoffice.html'> openoffice</a><br/> - <a href='apps_podsleuth.html'> podsleuth</a><br/> - <a href='apps_ptchown.html'> ptchown</a><br/> - <a href='apps_pulseaudio.html'> pulseaudio</a><br/> - <a href='apps_qemu.html'> qemu</a><br/> - <a href='apps_rssh.html'> rssh</a><br/> - <a href='apps_sambagui.html'> sambagui</a><br/> - <a href='apps_sandbox.html'> sandbox</a><br/> - <a href='apps_screen.html'> screen</a><br/> - <a href='apps_seunshare.html'> seunshare</a><br/> - <a href='apps_slocate.html'> slocate</a><br/> - <a href='apps_telepathy.html'> telepathy</a><br/> - <a href='apps_thunderbird.html'> thunderbird</a><br/> - <a href='apps_tvtime.html'> tvtime</a><br/> - <a href='apps_uml.html'> uml</a><br/> - <a href='apps_userhelper.html'> userhelper</a><br/> - <a href='apps_usernetctl.html'> usernetctl</a><br/> - <a href='apps_vmware.html'> vmware</a><br/> - <a href='apps_webalizer.html'> webalizer</a><br/> - <a href='apps_wine.html'> wine</a><br/> - <a href='apps_wireshark.html'> wireshark</a><br/> - <a href='apps_wm.html'> wm</a><br/> - <a href='apps_xscreensaver.html'> xscreensaver</a><br/> - <a href='apps_yam.html'> yam</a><br/> </div> <a href="kernel.html">+ kernel</a></br/> <div id='subitem'> </div> <a href="roles.html">+ roles</a></br/> <div id='subitem'> </div> <a href="services.html">+ services</a></br/> <div id='subitem'> </div> <a href="system.html">+ system</a></br/> <div id='subitem'> </div> <br/><p/> <a href="global_booleans.html">* Global Booleans </a> <br/><p/> <a href="global_tunables.html">* Global Tunables </a> <p/><br/><p/> <a href="index.html">* Layer Index</a> <br/><p/> <a href="booleans.html">* Boolean Index</a> <br/><p/> <a href="tunables.html">* Tunable Index</a> <br/><p/> <a href="interfaces.html">* Interface Index</a> <br/><p/> <a href="templates.html">* Template Index</a> </div> <div id="Content"> <a name="top":></a> <h1>Layer: apps</h1><p/> <h2>Module: qemu</h2><p/> <a href=#tunables>Tunables</a> <a href=#interfaces>Interfaces</a> <a href=#templates>Templates</a> <h3>Description:</h3> <p><p>QEMU machine emulator and virtualizer</p></p> <hr> <a name="tunables"></a> <h3>Tunables: </h3> <a name="link_qemu_full_network"></a> <div id="interface"> <div id="codeblock">qemu_full_network</div> <div id="description"> <h5>Default value</h5> <p>false</p> <h5>Description</h5> <p> </p><p> Allow qemu to connect fully to the network </p><p> </p> </div></div> <a name="link_qemu_use_cifs"></a> <div id="interface"> <div id="codeblock">qemu_use_cifs</div> <div id="description"> <h5>Default value</h5> <p>true</p> <h5>Description</h5> <p> </p><p> Allow qemu to use cifs/Samba file systems </p><p> </p> </div></div> <a name="link_qemu_use_comm"></a> <div id="interface"> <div id="codeblock">qemu_use_comm</div> <div id="description"> <h5>Default value</h5> <p>false</p> <h5>Description</h5> <p> </p><p> Allow qemu to user serial/parallel communication ports </p><p> </p> </div></div> <a name="link_qemu_use_nfs"></a> <div id="interface"> <div id="codeblock">qemu_use_nfs</div> <div id="description"> <h5>Default value</h5> <p>true</p> <h5>Description</h5> <p> </p><p> Allow qemu to use nfs file systems </p><p> </p> </div></div> <a name="link_qemu_use_usb"></a> <div id="interface"> <div id="codeblock">qemu_use_usb</div> <div id="description"> <h5>Default value</h5> <p>true</p> <h5>Description</h5> <p> </p><p> Allow qemu to use usb devices </p><p> </p> </div></div> <a href=#top>Return</a> <a name="interfaces"></a> <h3>Interfaces: </h3> <a name="link_qemu_domtrans"></a> <div id="interface"> <div id="codeblock"> <b>qemu_domtrans</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Execute a domain transition to run qemu. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed to transition. </p> </td></tr> </table> </div> </div> <a name="link_qemu_domtrans_unconfined"></a> <div id="interface"> <div id="codeblock"> <b>qemu_domtrans_unconfined</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Execute a domain transition to run qemu unconfined. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed to transition. </p> </td></tr> </table> </div> </div> <a name="link_qemu_entry_type"></a> <div id="interface"> <div id="codeblock"> <b>qemu_entry_type</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Make qemu_exec_t an entrypoint for the specified domain. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> The domain for which qemu_exec_t is an entrypoint. </p> </td></tr> </table> </div> </div> <a name="link_qemu_exec"></a> <div id="interface"> <div id="codeblock"> <b>qemu_exec</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Execute a qemu in the callers domain </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_qemu_kill"></a> <div id="interface"> <div id="codeblock"> <b>qemu_kill</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Send a sigill to qemu </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_qemu_manage_tmp_dirs"></a> <div id="interface"> <div id="codeblock"> <b>qemu_manage_tmp_dirs</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Manage qemu temporary dirs. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_qemu_manage_tmp_files"></a> <div id="interface"> <div id="codeblock"> <b>qemu_manage_tmp_files</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Manage qemu temporary files. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_qemu_read_state"></a> <div id="interface"> <div id="codeblock"> <b>qemu_read_state</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Allow the domain to read state files in /proc. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain to allow access. </p> </td></tr> </table> </div> </div> <a name="link_qemu_run"></a> <div id="interface"> <div id="codeblock"> <b>qemu_run</b>( domain , role )<br> </div> <div id="description"> <h5>Summary</h5> <p> Execute qemu in the qemu domain. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed to transition. </p> </td></tr> <tr><td> role </td><td> <p> The role to allow the qemu domain. </p> </td></tr> </table> </div> </div> <a name="link_qemu_setsched"></a> <div id="interface"> <div id="codeblock"> <b>qemu_setsched</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Set the schedule on qemu. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_qemu_signal"></a> <div id="interface"> <div id="codeblock"> <b>qemu_signal</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Send a signal to qemu. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_qemu_spec_domtrans"></a> <div id="interface"> <div id="codeblock"> <b>qemu_spec_domtrans</b>( domain , target_domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Execute qemu_exec_t in the specified domain but do not do it automatically. This is an explicit transition, requiring the caller to use setexeccon(). </p> <h5>Description</h5> <p> </p><p> Execute qemu_exec_t in the specified domain. This allows the specified domain to qemu programs on these filesystems in the specified domain. </p><p> </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> <tr><td> target_domain </td><td> <p> The type of the new process. </p> </td></tr> </table> </div> </div> <a name="link_qemu_unconfined_role"></a> <div id="interface"> <div id="codeblock"> <b>qemu_unconfined_role</b>( role )<br> </div> <div id="description"> <h5>Summary</h5> <p> Execute qemu unconfined programs in the role. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> role </td><td> <p> The role to allow the PAM domain. </p> </td></tr> </table> </div> </div> <a href=#top>Return</a> <a name="templates"></a> <h3>Templates: </h3> <a name="link_qemu_domain_template"></a> <div id="template"> <div id="codeblock"> <b>qemu_domain_template</b>( prefix )<br> </div> <div id="description"> <h5>Summary</h5> <p> Creates types and rules for a basic qemu process domain. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> prefix </td><td> <p> Prefix for the domain. </p> </td></tr> </table> </div> </div> <a name="link_qemu_role"></a> <div id="template"> <div id="codeblock"> <b>qemu_role</b>( user_role , user_domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> The per role template for the qemu module. </p> <h5>Description</h5> <p> </p><p> This template creates a derived domains which are used for qemu web browser. </p><p> </p><p> This template is invoked automatically for each user, and generally does not need to be invoked directly by policy writers. </p><p> </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> user_role </td><td> <p> The role associated with the user domain. </p> </td></tr> <tr><td> user_domain </td><td> <p> The type of the user domain. </p> </td></tr> </table> </div> </div> <a href=#top>Return</a> </div> </body> </html>