Layer: kernel

Module: files

Description:

This module contains basic filesystem types and interfaces. This includes:

This module is required to be included in all policies.


Interfaces:

files_append_var_files( domain )
Summary

Append files in the /var directory.

Parameters
Parameter:Description:
domain

Domain allowed access.

files_associate_rootfs( file_type )
Summary

Allow the specified type to associate to the root filesystem (/).

Parameters
Parameter:Description:
file_type

Type of the file to associate.

files_associate_tmp( file_type )
Summary

Allow the specified type to associate to a filesystem with the type of the temporary directory (/tmp).

Parameters
Parameter:Description:
file_type

Type of the file to associate.

files_auth_file( file_type )
Summary

Mark the specified type as a file that is related to authentication.

Parameters
Parameter:Description:
file_type

Type of the authentication-related file.

files_boot_filetrans( domain , private_type , object_class , name )
Summary

Create a private type object in /boot with an automatic type transition.

Parameters
Parameter:Description:
domain

Domain allowed access.

private_type

The type of the object to be created.

object_class

The object class of the object being created.

name

The name of the object being created.

files_config_file( file_type )
Summary

Make the specified type a configuration file.

Description

Make the specified type usable for configuration files. This also makes the type usable for files, so a separate call to files_type() is redundant. Failure to use this interface for a configuration file may result in problems with configuration management tools.

Example usage with a domain that can read its configuration file in /etc:

    type myconffile_t;
    files_config_file(myconffile_t)
    allow mydomain_t myconffile_t:file read_file_perms;
    files_search_etc(mydomain_t)

Parameters
Parameter:Description:
file_type

Type to be used as a configuration file.

files_create_all_files_as( domain )
Summary

Create files of any file type as is.

Parameters
Parameter:Description:
domain

Domain allowed access.

files_create_boot_dirs( domain )
Summary

Create directories in /boot

Parameters
Parameter:Description:
domain

Domain allowed access.

files_create_boot_flag( domain , name )
Summary

Create a boot flag.

Description

Create a boot flag, such as /.autorelabel and /.autofsck.

Parameters
Parameter:Description:
domain

Domain allowed access.

name

The name of the object being created.

files_create_kernel_img( domain )
Summary

Install a kernel into the /boot directory.

Parameters
Parameter:Description:
domain

Domain allowed access.

files_create_kernel_symbol_table( domain )
Summary

Install a system.map into the /boot directory.

Parameters
Parameter:Description:
domain

Domain allowed access.

files_create_lock_dirs( domain )
Summary

Create lock directories

Parameters
Parameter:Description:
domain

Domain allowed access

files_delete_all_locks( domain )
Summary

Delete all lock files.

Parameters
Parameter:Description:
domain

Domain allowed access.

files_delete_all_pid_dirs( domain )
Summary

Delete all process ID directories.

Parameters
Parameter:Description:
domain

Domain allowed access.

files_delete_all_pids( domain )
Summary

Delete all process IDs.

Parameters
Parameter:Description:
domain

Domain allowed access.

files_delete_boot_flag( domain )
Summary

Delete a boot flag.

Description

Delete a boot flag, such as /.autorelabel and /.autofsck.

Parameters
Parameter:Description:
domain

Domain allowed access.

files_delete_etc_files( domain )
Summary

Delete system configuration files in /etc.

Parameters
Parameter:Description:
domain

Domain allowed access.

files_delete_generic_locks( domain )
Summary

Delete generic lock files.

Parameters
Parameter:Description:
domain

Domain allowed access.

files_delete_isid_type_blk_files( domain )
Summary

Delete block device nodes on new filesystems that have not yet been labeled. (Deprecated)

Parameters
Parameter:Description:
domain

Domain allowed access.

files_delete_isid_type_chr_files( domain )
Summary

Delete character device nodes on new filesystems that have not yet been labeled. (Deprecated)

Parameters
Parameter:Description:
domain

Domain allowed access.

files_delete_isid_type_dirs( domain )
Summary

Delete directories on new filesystems that have not yet been labeled. (Deprecated)

Parameters
Parameter:Description:
domain

Domain allowed access.

files_delete_isid_type_fifo_files( domain )
Summary

Delete named pipes on new filesystems that have not yet been labeled. (Deprecated)

Parameters
Parameter:Description:
domain

Domain allowed access.

files_delete_isid_type_files( domain )
Summary

Delete files on new filesystems that have not yet been labeled. (Deprecated)

Parameters
Parameter:Description:
domain

Domain allowed access.

files_delete_isid_type_sock_files( domain )
Summary

Delete named sockets on new filesystems that have not yet been labeled. (Deprecated)

Parameters
Parameter:Description:
domain

Domain allowed access.

files_delete_isid_type_symlinks( domain )
Summary

Delete symbolic links on new filesystems that have not yet been labeled. (Deprecated)

Parameters
Parameter:Description:
domain

Domain allowed access.

files_delete_kernel( domain )
Summary

Delete a kernel from /boot.

Parameters
Parameter:Description:
domain

Domain allowed access.

files_delete_kernel_modules( domain )
Summary

Delete kernel module files.

Parameters
Parameter:Description:
domain

Domain allowed access.

files_delete_kernel_symbol_table( domain )
Summary

Delete a system.map in the /boot directory.

Parameters
Parameter:Description:
domain

Domain allowed access.

files_delete_root_dir_entry( domain )
Summary

Remove entries from the root directory.

Parameters
Parameter:Description:
domain

Domain allowed access.

files_delete_root_files( domain )
Summary

Delete files in the root directory.

Parameters
Parameter:Description:
domain

Domain allowed access.

files_delete_tmp_dir_entry( domain )
Summary

Remove entries from the tmp directory.

Parameters
Parameter:Description:
domain

Domain allowed access.

files_delete_usr_dirs( domain )
Summary

Delete generic directories in /usr.

Parameters
Parameter:Description:
domain

Domain allowed access.

files_delete_usr_files( domain )
Summary

Delete generic files in /usr.

Parameters
Parameter:Description:
domain

Domain allowed access.

files_dontaudit_getattr_all_dirs( domain )
Summary

Do not audit attempts to get the attributes of all directories.

Parameters
Parameter:Description:
domain

Domain to not audit.

files_dontaudit_getattr_all_files( domain )
Summary

Do not audit attempts to get the attributes of all files.

Parameters
Parameter:Description:
domain

Domain to not audit.

files_dontaudit_getattr_all_pids( domain )
Summary

Do not audit attempts to get the attributes of daemon runtime data files.

Parameters
Parameter:Description:
domain

Domain to not audit.

files_dontaudit_getattr_all_pipes( domain )
Summary

Do not audit attempts to get the attributes of all named pipes.

Parameters
Parameter:Description:
domain

Domain to not audit.

files_dontaudit_getattr_all_sockets( domain )
Summary

Do not audit attempts to get the attributes of all named sockets.

Parameters
Parameter:Description:
domain

Domain to not audit.

files_dontaudit_getattr_all_symlinks( domain )
Summary

Do not audit attempts to get the attributes of all symbolic links.

Parameters
Parameter:Description:
domain

Domain to not audit.

files_dontaudit_getattr_all_tmp_files( domain )
Summary

Do not audit attempts to get the attributes of all tmp files.

Parameters
Parameter:Description:
domain

Domain to not audit.

files_dontaudit_getattr_all_tmp_sockets( domain )
Summary

Do not audit attempts to get the attributes of all tmp named sockets.

Parameters
Parameter:Description:
domain

Domain to not audit.

files_dontaudit_getattr_boot_dirs( domain )
Summary

Do not audit attempts to get attributes of the /boot directory.

Parameters
Parameter:Description:
domain

Domain to not audit.

files_dontaudit_getattr_default_dirs( domain )
Summary

Do not audit attempts to get the attributes of directories with the default file type.

Parameters
Parameter:Description:
domain

Domain to not audit.

files_dontaudit_getattr_default_files( domain )
Summary

Do not audit attempts to get the attributes of files with the default file type.

Parameters
Parameter:Description:
domain

Domain to not audit.

files_dontaudit_getattr_home_dir( domain )
Summary

Do not audit attempts to get the attributes of the home directories root (/home).

Parameters
Parameter:Description:
domain

Domain to not audit.

files_dontaudit_getattr_lost_found_dirs( domain )
Summary

Do not audit attempts to get the attributes of lost+found directories.

Parameters
Parameter:Description:
domain

Domain to not audit.

files_dontaudit_getattr_non_security_blk_files( domain )
Summary

Do not audit attempts to get the attributes of non security block devices.

Parameters
Parameter:Description:
domain

Domain to not audit.

files_dontaudit_getattr_non_security_chr_files( domain )
Summary

Do not audit attempts to get the attributes of non security character devices.

Parameters
Parameter:Description:
domain

Domain to not audit.

files_dontaudit_getattr_non_security_files( domain )
Summary

Do not audit attempts to get the attributes of non security files.

Parameters
Parameter:Description:
domain

Domain to not audit.

files_dontaudit_getattr_non_security_pipes( domain )
Summary

Do not audit attempts to get the attributes of non security named pipes.

Parameters
Parameter:Description:
domain

Domain to not audit.

files_dontaudit_getattr_non_security_sockets( domain )
Summary

Do not audit attempts to get the attributes of non security named sockets.

Parameters
Parameter:Description:
domain

Domain to not audit.

files_dontaudit_getattr_non_security_symlinks( domain )
Summary

Do not audit attempts to get the attributes of non security symbolic links.

Parameters
Parameter:Description:
domain

Domain to not audit.

files_dontaudit_getattr_pid_dirs( domain )
Summary

Do not audit attempts to get the attributes of the /var/run directory.

Parameters
Parameter:Description:
domain

Domain to not audit.

files_dontaudit_getattr_tmp_dirs( domain )
Summary

Do not audit attempts to get the attributes of the tmp directory (/tmp).

Parameters
Parameter:Description:
domain

Domain to not audit.

files_dontaudit_ioctl_all_pids( domain )
Summary

Do not audit attempts to ioctl daemon runtime data files.

Parameters
Parameter:Description:
domain

Domain to not audit.

files_dontaudit_list_all_mountpoints( domain )
Summary

Do not audit listing of all mount points.

Parameters
Parameter:Description:
domain

Domain to not audit.

files_dontaudit_list_boot( domain )
Summary

Do not audit attempts to list the /boot directory.

Parameters
Parameter:Description:
domain

Domain to not audit.

files_dontaudit_list_default( domain )
Summary

Do not audit attempts to list contents of directories with the default file type.

Parameters
Parameter:Description:
domain

Domain to not audit.

files_dontaudit_list_home( domain )
Summary

Do not audit attempts to list home directories root (/home).

Parameters
Parameter:Description:
domain

Domain to not audit.

files_dontaudit_list_mnt( domain )
Summary

Do not audit attempts to list the contents of /mnt.

Parameters
Parameter:Description:
domain

Domain to not audit.

files_dontaudit_list_non_security( domain )
Summary

Do not audit attempts to list all non-security directories.

Parameters
Parameter:Description:
domain

Domain to not audit.

files_dontaudit_list_tmp( domain )
Summary

Do not audit listing of the tmp directory (/tmp).

Parameters
Parameter:Description:
domain

Domain to not audit.

files_dontaudit_list_var( domain )
Summary

Do not audit attempts to list the contents of /var.

Parameters
Parameter:Description:
domain

Domain to not audit.

files_dontaudit_read_all_symlinks( domain )
Summary

Do not audit attempts to read all symbolic links.

Parameters
Parameter:Description:
domain

Domain to not audit.

files_dontaudit_read_default_files( domain )
Summary

Do not audit attempts to read files with the default file type.

Parameters
Parameter:Description:
domain

Domain to not audit.

files_dontaudit_read_etc_runtime_files( domain )
Summary

Do not audit attempts to read files in /etc that are dynamically created on boot, such as mtab.

Parameters
Parameter:Description:
domain

Domain to not audit.

files_dontaudit_read_root_files( domain )
Summary

Do not audit attempts to read files in the root directory.

Parameters
Parameter:Description:
domain

Domain to not audit.

files_dontaudit_rw_root_chr_files( domain )
Summary

Do not audit attempts to read or write character device nodes in the root directory.

Parameters
Parameter:Description:
domain

Domain to not audit.

files_dontaudit_rw_root_dir( domain )
Summary

Do not audit attempts to read or write the root directory itself (add or remove entries in /).

Parameters
Parameter:Description:
domain

Domain to not audit.

files_dontaudit_rw_root_files( domain )
Summary

Do not audit attempts to read or write files in the root directory.

Parameters
Parameter:Description:
domain

Domain to not audit.

files_dontaudit_rw_usr_dirs( domain )
Summary

Do not audit attempts to add and remove entries from /usr directories.

Parameters
Parameter:Description:
domain

Domain to not audit.

files_dontaudit_rw_var_files( domain )
Summary

Do not audit attempts to read and write files in the /var directory.

Parameters
Parameter:Description:
domain

Domain to not audit.

files_dontaudit_search_all_dirs( domain )
Summary

Do not audit attempts to search the contents of any directories on extended attribute filesystems.

Parameters
Parameter:Description:
domain

Domain to not audit.

files_dontaudit_search_all_mountpoints( domain )
Summary

Do not audit searching of all mount points.

Parameters
Parameter:Description:
domain

Domain to not audit.

files_dontaudit_search_boot( domain )
Summary

Do not audit attempts to search the /boot directory.

Parameters
Parameter:Description:
domain

Domain to not audit.

files_dontaudit_search_home( domain )
Summary

Do not audit attempts to search home directories root (/home).

Parameters
Parameter:Description:
domain

Domain to not audit.

files_dontaudit_search_isid_type_dirs( domain )
Summary

Do not audit attempts to search directories on new filesystems that have not yet been labeled. (Deprecated)

Parameters
Parameter:Description:
domain

Domain to not audit.

files_dontaudit_search_locks( domain )
Summary

Do not audit attempts to search the locks directory (/var/lock).

Parameters
Parameter:Description:
domain

Domain to not audit.

files_dontaudit_search_mnt( domain )
Summary

Do not audit attempts to search /mnt.

Parameters
Parameter:Description:
domain

Domain to not audit.

files_dontaudit_search_pids( domain )
Summary

Do not audit attempts to search the /var/run directory.

Parameters
Parameter:Description:
domain

Domain to not audit.

files_dontaudit_search_spool( domain )
Summary

Do not audit attempts to search generic spool directories.

Parameters
Parameter:Description:
domain

Domain to not audit.

files_dontaudit_search_src( domain )
Summary

Do not audit attempts to search /usr/src.

Parameters
Parameter:Description:
domain

Domain to not audit.

files_dontaudit_search_tmp( domain )
Summary

Do not audit attempts to search the tmp directory (/tmp).

Parameters
Parameter:Description:
domain

Domain to not audit.

files_dontaudit_search_var( domain )
Summary

Do not audit attempts to search the contents of /var.

Parameters
Parameter:Description:
domain

Domain to not audit.

files_dontaudit_search_var_lib( domain )
Summary

Do not audit attempts to search the contents of /var/lib.

Parameters
Parameter:Description:
domain

Domain to not audit.

files_dontaudit_setattr_all_mountpoints( domain )
Summary

Do not audit attempts to set the attributes on all mount points.

Parameters
Parameter:Description:
domain

Domain to not audit.

files_dontaudit_setattr_etc_runtime_files( domain )
Summary

Do not audit attempts to set the attributes of files in /etc that are dynamically created on boot (etc runtime files).

Parameters
Parameter:Description:
domain

Domain to not audit.

files_dontaudit_write_all_mountpoints( domain )
Summary

Do not audit attempts to write to mount points.

Parameters
Parameter:Description:
domain

Domain to not audit.

files_dontaudit_write_all_pids( domain )
Summary

Do not audit attempts to write to daemon runtime data files.

Parameters
Parameter:Description:
domain

Domain to not audit.

files_dontaudit_write_etc_dirs( domain )
Summary

Do not audit attempts to write to /etc directories.

Parameters
Parameter:Description:
domain

Domain to not audit.

files_dontaudit_write_etc_files( domain )
Summary

Do not audit attempts to write generic files in /etc.

Parameters
Parameter:Description:
domain

Domain to not audit.

files_dontaudit_write_etc_runtime_files( domain )
Summary

Do not audit attempts to write files in /etc that are dynamically created on boot, such as mtab.

Parameters
Parameter:Description:
domain

Domain to not audit.

files_dontaudit_write_isid_chr_files( domain )
Summary

Do not audit attempts to write to character device nodes on new filesystems that have not yet been labeled. (Deprecated)

Parameters
Parameter:Description:
domain

Domain to not audit.

files_dontaudit_write_root_dirs( domain )
Summary

Do not audit attempts to write to the root (/) directory.

Parameters
Parameter:Description:
domain

Domain to not audit.

files_dontaudit_write_usr_dirs( domain )
Summary

Do not audit attempts to write to /usr directories.

Parameters
Parameter:Description:
domain

Domain to not audit.

files_dontaudit_write_usr_files( domain )
Summary

Do not audit attempts to write to generic files in /usr.

Parameters
Parameter:Description:
domain

Domain to not audit.

files_dontaudit_write_var_dirs( domain )
Summary

Do not audit attempts to write to directories in /var.

Parameters
Parameter:Description:
domain

Domain to not audit.

files_etc_filetrans( domain , file_type , class , name )
Summary

Create objects in /etc with a private type using a type_transition.

Parameters
Parameter:Description:
domain

Domain allowed access.

file_type

Private file type.

class

The object class of the object being created.

name

The name of the object being created.
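
A worked example, added to this page and not taken from the reference policy or its documentation: a hypothetical module mydaemon (the names mydaemon_t, mydaemon_exec_t, mydaemon_conf_t and the path /etc/mydaemon.conf are all assumed) that declares a private configuration type with files_config_file(), reads it as in the files_config_file example above, and uses files_etc_filetrans() with a name argument so that only the file it creates as "mydaemon.conf" in /etc receives the private type instead of the directory's etc_t. The matching .fc entry keeps restorecon in agreement with the transition. init_daemon_domain() comes from the refpolicy init module.

```m4
# --- mydaemon.te (hypothetical module; example added to this page, not refpolicy code) ---
policy_module(mydaemon, 1.0.0)

type mydaemon_t;
type mydaemon_exec_t;
init_daemon_domain(mydaemon_t, mydaemon_exec_t)

# Private configuration type. files_config_file() already applies files_type(),
# so no separate files_type(mydaemon_conf_t) call is needed.
type mydaemon_conf_t;
files_config_file(mydaemon_conf_t)

# The daemon reads and rewrites its own configuration. files_search_etc()
# grants the directory search needed to reach /etc/mydaemon.conf.
allow mydaemon_t mydaemon_conf_t:file manage_file_perms;
files_search_etc(mydaemon_t)

# Without a transition, a file the daemon creates in /etc would inherit the
# directory's type, etc_t, and the daemon would then need the much broader
# files_manage_etc_files(). files_etc_filetrans() grants rw_dir_perms on
# etc_t directories and adds a type_transition; the fourth argument restricts
# that transition to the single file name "mydaemon.conf".
files_etc_filetrans(mydaemon_t, mydaemon_conf_t, file, "mydaemon.conf")

# --- mydaemon.fc ---
# Label the on-disk file so that a relabel (restorecon) agrees with the
# type the daemon's transition produces.
/etc/mydaemon\.conf	--	gen_context(system_u:object_r:mydaemon_conf_t,s0)
```

Named file transitions (the fourth argument) need a kernel and policy version that support them; with the name omitted, every file the domain creates in an etc_t directory would become mydaemon_conf_t. After loading the module, a file written by the daemon and the same file after restorecon should both show mydaemon_conf_t in ls -Z; a mismatch means the .fc pattern and the transition disagree.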

files_etc_filetrans_etc_runtime( domain , object , name )
Summary

Create etc runtime objects with an automatic type transition.

Parameters
Parameter:Description:
domain

Domain allowed access.

object

The class of the object being created.

name

The name of the object being created.

files_exec_etc_files( domain )
Summary

Execute generic files in /etc.

Parameters
Parameter:Description:
domain

Domain allowed access.

files_exec_usr_files( domain )
Summary

Execute generic programs in /usr in the caller domain.

Parameters
Parameter:Description:
domain

Domain allowed access.

files_exec_usr_src_files( domain )
Summary

Execute programs in /usr/src in the caller domain.

Parameters
Parameter:Description:
domain

Domain allowed access.

files_execmod_all_files( domain )
Summary

Allow shared library text relocations in all files.

Description

Allow shared library text relocations in all files.

This is added to support WINE policy.

Parameters
Parameter:Description:
domain

Domain allowed access.

files_getattr_all_dirs( domain )
Summary

Get the attributes of all directories.

Parameters
Parameter:Description:
domain

Domain allowed access.

files_getattr_all_file_type_fs( domain )
Summary

Get the attributes of all filesystems labeled with a file type.

Parameters
Parameter:Description:
domain

Domain allowed access.

files_getattr_all_files( domain )
Summary

Get the attributes of all files.

Parameters
Parameter:Description:
domain

Domain allowed access.

files_getattr_all_mountpoints( domain )
Summary

Get the attributes of all mount points.

Parameters
Parameter:Description:
domain

Domain allowed access.

files_getattr_all_pipes( domain )
Summary

Get the attributes of all named pipes.

Parameters
Parameter:Description:
domain

Domain allowed access.

files_getattr_all_sockets( domain )
Summary

Get the attributes of all named sockets.

Parameters
Parameter:Description:
domain

Domain allowed access.

files_getattr_all_symlinks( domain )
Summary

Get the attributes of all symbolic links.

Parameters
Parameter:Description:
domain

Domain allowed access.

files_getattr_all_tmp_files( domain )
Summary

Get the attributes of all tmp files.

Parameters
Parameter:Description:
domain

Domain allowed access.

files_getattr_boot_dirs( domain )
Summary

Get attributes of the /boot directory.

Parameters
Parameter:Description:
domain

Domain allowed access.

files_getattr_default_dirs( domain )
Summary

Get the attributes of directories with the default file type.

Parameters
Parameter:Description:
domain

Domain allowed access.

files_getattr_generic_locks( domain )
Summary

Get the attributes of generic lock files.

Parameters
Parameter:Description:
domain

Domain allowed access.

files_getattr_home_dir( domain )
Summary

Get the attributes of the home directories root (/home).

Parameters
Parameter:Description:
domain

Domain allowed access.

files_getattr_isid_type_dirs( domain )
Summary

Get the attributes of directories on new filesystems that have not yet been labeled. (Deprecated)

Parameters
Parameter:Description:
domain

Domain allowed access.

files_getattr_kernel_modules( domain )
Summary

Get the attributes of kernel module files.

Parameters
Parameter:Description:
domain

Domain allowed access.

files_getattr_lost_found_dirs( domain )
Summary

Get the attributes of lost+found directories.

Parameters
Parameter:Description:
domain

Domain allowed access.

files_getattr_tmp_dirs( domain )
Summary

Get the attributes of the tmp directory (/tmp).

Parameters
Parameter:Description:
domain

Domain allowed access.

files_getattr_usr_files( domain )
Summary

Get the attributes of files in /usr.

Parameters
Parameter:Description:
domain

Domain allowed access.

files_getattr_usr_src_files( domain )
Summary

Get the attributes of files in /usr/src.

Parameters
Parameter:Description:
domain

Domain allowed access.

files_getattr_var_lib_dirs( domain )
Summary

Get the attributes of the /var/lib directory.

Parameters
Parameter:Description:
domain

Domain allowed access.

files_home_filetrans( domain , home_type , object , name )
Summary

Create objects in the home directories root (/home) with a private type using a type transition.

Parameters
Parameter:Description:
domain

Domain allowed access.

home_type

The private type.

object

The class of the object being created.

name

The name of the object being created.

files_kernel_modules_filetrans( domain , private_type , object_class , name )
Summary

Create objects in the kernel module directories with a private type via an automatic type transition.

Parameters
Parameter:Description:
domain

Domain allowed access.

private_type

The type of the object to be created.

object_class

The object class of the object being created.

name

The name of the object being created.

files_list_all( domain )
Summary

List the contents of all directories on extended attribute filesystems.

Parameters
Parameter:Description:
domain

Domain allowed access.

files_list_all_mountpoints( domain )
Summary

List all mount points.

Parameters
Parameter:Description:
domain

Domain allowed access.

files_list_all_tmp( domain )
Summary

List all tmp directories.

Parameters
Parameter:Description:
domain

Domain allowed access.

files_list_boot( domain )
Summary

List the /boot directory.

Parameters
Parameter:Description:
domain

Domain allowed access.

files_list_default( domain )
Summary

List contents of directories with the default file type.

Parameters
Parameter:Description:
domain

Domain allowed access.

files_list_etc( domain )
Summary

List the contents of /etc directories.

Parameters
Parameter:Description:
domain

Domain allowed access.

files_list_home( domain )
Summary

List the contents of the home directories root (/home).

Parameters
Parameter:Description:
domain

Domain allowed access.

files_list_isid_type_dirs( domain )
Summary

List the contents of directories on new filesystems that have not yet been labeled. (Deprecated)

Parameters
Parameter:Description:
domain

Domain allowed access.

files_list_kernel_modules( domain )
Summary

List the contents of the kernel module directories.

Parameters
Parameter:Description:
domain

Domain allowed access.

files_list_locks( domain )
Summary

List generic lock directories.

Parameters
Parameter:Description:
domain

Domain allowed access.

files_list_lost_found( domain )
Summary

List the contents of lost+found directories.

Parameters
Parameter:Description:
domain

Domain allowed access.

files_list_mnt( domain )
Summary

List the contents of /mnt.

Parameters
Parameter:Description:
domain

Domain allowed access.

files_list_non_auth_dirs( domain )
Summary

List all non-authentication related directories.

Parameters
Parameter:Description:
domain

Domain allowed access.

files_list_non_security( domain )
Summary

List all non-security directories.

Parameters
Parameter:Description:
domain

Domain allowed access.

files_list_pids( domain )
Summary

List the contents of the runtime process ID directories (/var/run).

Parameters
Parameter:Description:
domain

Domain allowed access.

files_list_root( domain )
Summary

List the contents of the root directory.

Parameters
Parameter:Description:
domain

Domain allowed access.

files_list_spool( domain )
Summary

List the contents of generic spool (/var/spool) directories.

Parameters
Parameter:Description:
domain

Domain allowed access.

files_list_tmp( domain )
Summary

List the contents of the tmp directory (/tmp).

Parameters
Parameter:Description:
domain

Domain allowed access.

files_list_usr( domain )
Summary

List the contents of generic directories in /usr.

Parameters
Parameter:Description:
domain

Domain allowed access.

files_list_var( domain )
Summary

List the contents of /var.

Parameters
Parameter:Description:
domain

Domain allowed access.

files_list_var_lib( domain )
Summary

List the contents of the /var/lib directory.

Parameters
Parameter:Description:
domain

Domain allowed access.

files_list_world_readable( domain )
Summary

List world-readable directories.

Parameters
Parameter:Description:
domain

Domain allowed access.

files_lock_file( type )
Summary

Make the specified type usable for lock files.

Parameters
Parameter:Description:
type

Type to be used for lock files.

files_lock_filetrans( domain , private_type , object , name )
Summary

Create an object in the locks directory, with a private type using a type transition.

Parameters
Parameter:Description:
domain

Domain allowed access.

private_type

The type of the object to be created.

object

The object class of the object being created.

name

The name of the object being created.

files_manage_all_files( domain , exception_types )
Summary

Manage all files on the filesystem, except the listed exceptions.

Parameters
Parameter:Description:
domain

Domain allowed access.

exception_types

The types to be excluded. Each type or attribute must be negated by the caller.
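
An added example of the exception_types argument, not refpolicy code: a hypothetical interface in a module's .if file (the mybackup_* names and the type mybackup_key_t are assumed) that lets a backup domain manage every file except security-related files and its own key store. files_manage_all_files() places its second argument inside the set braces next to file_type, so each excluded type or attribute must already carry its own minus sign; security_file_type is the refpolicy attribute shared by authentication- and security-related file types (the complement of the "non security" files several interfaces on this page refer to).

```m4
# Hypothetical interface, added to this page as an example (not refpolicy code).
# files_manage_all_files($1, $2) expands to
#   manage_files_pattern($1, { file_type $2 }, { file_type $2 })
# so $2 is spliced into a set expression and must consist of negated members.
## <summary>
##	Manage every file on the system except security-related
##	files and the backup domain's own key store.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`mybackup_manage_all_but_secrets',`
	gen_require(`
		attribute security_file_type;
		type mybackup_key_t;
	')

	# Wrong: without the minus signs the set is the union
	# { file_type security_file_type mybackup_key_t }, which is just
	# file_type, so nothing is excluded:
	#   files_manage_all_files($1, security_file_type mybackup_key_t)
	#
	# Right: each exception is negated by the caller.
	files_manage_all_files($1, -security_file_type -mybackup_key_t)
')
```

files_manage_non_auth_files() on this page is the prepackaged form of the common case; an interface like the one above is only needed when the exception set differs. After loading, sesearch -A -s mybackup_t -c file -p write should list file types but not the excluded ones.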

files_manage_all_locks( domain )
Summary

Manage all lock files.

Parameters
Parameter:Description:
domain

Domain allowed access.

files_manage_all_pids( domain )
Summary

Create, read, write, and delete all daemon runtime data (PID, /var/run) content.

Parameters
Parameter:Description:
domain

Domain allowed access.

files_manage_boot_dirs( domain )
Summary

Create, read, write, and delete directories in /boot.

Parameters
Parameter:Description:
domain

Domain allowed access.

files_manage_boot_files( domain )
Summary

Create, read, write, and delete files in the /boot directory.

Parameters
Parameter:Description:
domain

Domain allowed access.

files_manage_boot_symlinks( domain )
Summary

Create, read, write, and delete symbolic links in the /boot directory.

Parameters
Parameter:Description:
domain

Domain allowed access.

files_manage_config_dirs( domain )
Summary

Manage all configuration directories on the filesystem.

Parameters
Parameter:Description:
domain

Domain allowed access.

files_manage_config_files( domain )
Summary

Manage all configuration files on the filesystem.

Parameters
Parameter:Description:
domain

Domain allowed access.

files_manage_default_dirs( domain )
Summary

Create, read, write, and delete directories with the default file type.

Parameters
Parameter:Description:
domain

Domain allowed access.

files_manage_default_files( domain )
Summary

Create, read, write, and delete files with the default file type.

Parameters
Parameter:Description:
domain

Domain allowed access.

files_manage_etc_dirs( domain )
Summary

Manage generic directories in /etc.

Parameters
Parameter:Description:
domain

Domain allowed access.

files_manage_etc_files( domain )
Summary

Create, read, write, and delete generic files in /etc.

Parameters
Parameter:Description:
domain

Domain allowed access.

files_manage_etc_runtime_files( domain )
Summary

Create, read, write, and delete files in /etc that are dynamically created on boot, such as mtab.

Parameters
Parameter:Description:
domain

Domain allowed access.

files_manage_etc_symlinks( domain )
Summary

Create, read, write, and delete symbolic links in /etc.

Parameters
Parameter:Description:
domain

Domain allowed access.

files_manage_generic_locks( domain )
Summary

Create, read, write, and delete generic lock files.

Parameters
Parameter:Description:
domain

Domain allowed access.

files_manage_generic_spool( domain )
Summary

Create, read, write, and delete generic spool files.

Parameters
Parameter:Description:
domain

Domain allowed access.

files_manage_generic_spool_dirs( domain )
Summary

Create, read, write, and delete generic spool directories (/var/spool).

Parameters
Parameter:Description:
domain

Domain allowed access.

files_manage_generic_tmp_dirs( domain )
Summary

Manage generic temporary directories in /tmp.

Parameters
Parameter:Description:
domain

Domain allowed access.

files_manage_generic_tmp_files( domain )
Summary

Manage generic temporary files in /tmp.

Parameters
Parameter:Description:
domain

Domain allowed access.

files_manage_isid_type_blk_files( domain )
Summary

Create, read, write, and delete block device nodes on new filesystems that have not yet been labeled. (Deprecated)

Parameters
Parameter:Description:
domain

Domain allowed access.

files_manage_isid_type_chr_files( domain )
Summary

Create, read, write, and delete character device nodes on new filesystems that have not yet been labeled. (Deprecated)

Parameters
Parameter:Description:
domain

Domain allowed access.

files_manage_isid_type_dirs( domain )
Summary

Create, read, write, and delete directories on new filesystems that have not yet been labeled. (Deprecated)

Parameters
Parameter:Description:
domain

Domain allowed access.

files_manage_isid_type_files( domain )
Summary

Create, read, write, and delete files on new filesystems that have not yet been labeled. (Deprecated)

Parameters
Parameter:Description:
domain

Domain allowed access.

files_manage_isid_type_symlinks( domain )
Summary

Create, read, write, and delete symbolic links on new filesystems that have not yet been labeled. (Deprecated)

Parameters
Parameter:Description:
domain

Domain allowed access.

files_manage_kernel_modules( domain )
Summary

Create, read, write, and delete kernel module files.

Parameters
Parameter:Description:
domain

Domain allowed access.

files_manage_lost_found( domain )
Summary

Create, read, write, and delete objects in lost+found directories.

Parameters
Parameter:Description:
domain

Domain allowed access.

files_manage_mnt_dirs( domain )
Summary

Create, read, write, and delete directories in /mnt.

Parameters
Parameter:Description:
domain

Domain allowed access.

files_manage_mnt_files( domain )
Summary

Create, read, write, and delete files in /mnt.

Parameters
Parameter:Description:
domain

Domain allowed access.

files_manage_mnt_symlinks( domain )
Summary

Create, read, write, and delete symbolic links in /mnt.

Parameters
Parameter:Description:
domain

Domain allowed access.

files_manage_mounttab( domain )
Summary

Allow domain to manage mount tables necessary for rpcd, nfsd, etc.

Parameters
Parameter:Description:
domain

Domain allowed access.

files_manage_non_auth_files( domain )
Summary

Manage non-authentication related files.

Parameters
Parameter:Description:
domain

Domain allowed access.

files_manage_non_security_dirs( domain )
Summary

Allow attempts to manage all non-security directories.

Parameters
Parameter:Description:
domain

Domain allowed access.

files_manage_urandom_seed( domain )
Summary

Create, read, write, and delete the pseudorandom number generator seed.

Parameters
Parameter:Description:
domain

Domain allowed access.

files_manage_usr_files( domain )
Summary

Create, read, write, and delete files in the /usr directory.

Parameters
Parameter:Description:
domain

Domain allowed access.

files_manage_var_dirs( domain )
Summary

Create, read, write, and delete directories in the /var directory.

Parameters
Parameter:Description:
domain

Domain allowed access.

files_manage_var_files( domain )
Summary

Create, read, write, and delete files in the /var directory.

Parameters
Parameter:Description:
domain

Domain allowed access.

files_manage_var_symlinks( domain )
Summary

Create, read, write, and delete symbolic links in the /var directory.

Parameters
Parameter:Description:
domain

Domain allowed access.

files_mount_all_file_type_fs( domain )
Summary

Mount all filesystems with the type of a file.

Parameters
Parameter:Description:
domain

Domain allowed access.

files_mounton_all_mountpoints( domain )
Summary

Mount a filesystem on all mount points.

Parameters
Parameter:Description:
domain

Domain allowed access.

files_mounton_all_poly_members( domain )
Summary

Mount filesystems on all polyinstantiation member directories.

Parameters
Parameter:Description:
domain

Domain allowed access.

files_mounton_default( domain )
Summary

Mount a filesystem on a directory with the default file type.

Parameters
Parameter:Description:
domain

Domain allowed access.

files_mounton_isid_type_dirs( domain )
Summary

Mount a filesystem on a directory on new filesystems that have not yet been labeled. (Deprecated)

Parameters
Parameter:Description:
domain

Domain allowed access.

files_mounton_mnt( domain )
Summary

Mount a filesystem on /mnt.

Parameters
Parameter:Description:
domain

Domain allowed access.

files_mounton_non_security( domain )
Summary

Mount a filesystem on all non-security directories and files.

Parameters
Parameter:Description:
domain

Domain allowed access.

files_mountpoint( type )
Summary

Make the specified type usable for filesystem mount points.

Parameters
Parameter:Description:
type

Type to be used for mount points.

files_pid_file( type )
Summary

Make the specified type usable for runtime process ID files.

Description

Make the specified type usable for runtime process ID files, typically found in /var/run. This will also make the type usable for files, making calls to files_type() redundant. Failure to use this interface for a PID file type may result in problems with starting or stopping services.

Related interfaces:

  • files_pid_filetrans()

Example usage with a domain that can create and write its PID file with a private PID file type in the /var/run directory:

    type mypidfile_t;
    files_pid_file(mypidfile_t)
    allow mydomain_t mypidfile_t:file { create_file_perms write_file_perms };
    files_pid_filetrans(mydomain_t, mypidfile_t, file)

Parameters
Parameter:Description:
type

Type to be used for PID files.

files_pid_filetrans( domain , private type , object , name )
Summary

Create an object in the process ID directory, with a private type.

Description

Create an object in the process ID directory (e.g., /var/run) with a private type. Typically this is used for creating private PID files in /var/run with the private type instead of the general PID file type. To accomplish this goal, either the program must be SELinux-aware, or use this interface.

Related interfaces:

  • files_pid_file()

Example usage with a domain that can create and write its PID file with a private PID file type in the /var/run directory:

    type mypidfile_t;
    files_pid_file(mypidfile_t)
    allow mydomain_t mypidfile_t:file { create_file_perms write_file_perms };
    files_pid_filetrans(mydomain_t, mypidfile_t, file)
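A fuller version of the pattern above, added here as an illustration rather than taken from the reference policy: a daemon that keeps its PID file in a private subdirectory of /var/run. Both the directory and the file carry the private type, the directory is created with a named transition so that only an entry literally called mydaemon is relabeled, and the file context line that belongs in the module's .fc file is shown as a comment. The names mydaemon_t, mydaemon_exec_t and mydaemon_runtime_t are assumed; manage_dirs_pattern() and manage_files_pattern() are the reference policy's support macros, and init_daemon_domain() comes from the init module.

```selinux
# Added example, not from the reference policy. The mydaemon_* names
# are assumed for illustration.
policy_module(mydaemon, 1.0.0)

type mydaemon_t;
type mydaemon_exec_t;
init_daemon_domain(mydaemon_t, mydaemon_exec_t)

# Private type for /var/run/mydaemon and the PID file inside it.
# files_pid_file() marks it as a runtime PID type (and as a file type),
# so service start/stop tooling treats it like other PID content.
type mydaemon_runtime_t;
files_pid_file(mydaemon_runtime_t)

# The daemon may create, write and remove its own runtime dir and files.
manage_dirs_pattern(mydaemon_t, mydaemon_runtime_t, mydaemon_runtime_t)
manage_files_pattern(mydaemon_t, mydaemon_runtime_t, mydaemon_runtime_t)

# Named transition: a directory that mydaemon_t creates in /var/run with
# the name "mydaemon" is labeled mydaemon_runtime_t automatically instead
# of the generic PID type. Other directories the daemon creates there are
# not affected. Files created inside that directory take the parent
# directory's type by default, so they need no second transition rule.
files_pid_filetrans(mydaemon_t, mydaemon_runtime_t, dir, "mydaemon")

# Matching line for the module's .fc file, so that restorecon and a
# fresh relabel agree with the transition above:
#   /var/run/mydaemon(/.*)?   gen_context(system_u:object_r:mydaemon_runtime_t,s0)
```

Without the named transition, a daemon that is not SELinux-aware would create /var/run/mydaemon with the generic PID type, and the allow rules on mydaemon_runtime_t would never apply to it; the .fc line keeps a relabel from undoing what the transition did at runtime.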

Parameters
Parameter:Description:
domain

Domain allowed access.

private type

The type of the object to be created.

object

The object class of the object being created.

name

The name of the object being created.

files_pid_filetrans_lock_dir( domain , name )
Summary

Create a generic lock directory within the run directories.

Parameters
Parameter:Description:
domain

Domain allowed access.

name

The name of the object being created.

files_poly( file_type )
Summary

Make the specified type a polyinstantiated directory.

Parameters
Parameter:Description:
file_type

Type of the file to be used as a polyinstantiated directory.

files_poly_member( file_type )
Summary

Make the specified type a polyinstantiation member directory.

Parameters
Parameter:Description:
file_type

Type of the file to be used as a member directory.

files_poly_member_tmp( domain , file_type )
Summary

Make the domain use the specified type of polyinstantiated directory.

Parameters
Parameter:Description:
domain

Domain using the polyinstantiated directory.

file_type

Type of the file to be used as a member directory.

files_poly_parent( file_type )
Summary

Make the specified type a parent of a polyinstantiated directory.

Parameters
Parameter:Description:
file_type

Type of the file to be used as a parent directory.

files_polyinstantiate_all( domain )
Summary

Allow access to manage all polyinstantiated directories on the system.

Parameters
Parameter:Description:
domain

Domain allowed access.

files_purge_tmp( domain )
Summary

Delete the contents of /tmp.

Parameters
Parameter:Description:
domain

Domain allowed access.

files_read_all_blk_files( domain )
Summary

Read all block nodes with file types.

Parameters
Parameter:Description:
domain

Domain allowed access.

files_read_all_chr_files( domain )
Summary

Read all character nodes with file types.

Parameters
Parameter:Description:
domain

Domain allowed access.

files_read_all_dirs_except( domain , exception_types )
Summary

Read all directories on the filesystem, except the listed exceptions.

Parameters
Parameter:Description:
domain

Domain allowed access.

exception_types

The types to be excluded. Each type or attribute must be negated by the caller.

files_read_all_files( domain )
Summary

Read all files.

Parameters
Parameter:Description:
domain

Domain allowed access.

files_read_all_files_except( domain , exception_types )
Summary

Read all files on the filesystem, except the listed exceptions.

Parameters
Parameter:Description:
domain

Domain allowed access.

exception_types

The types to be excluded. Each type or attribute must be negated by the caller.

files_read_all_locks( domain )
Summary

Read all lock files.

Parameters
Parameter:Description:
domain

Domain allowed access.

files_read_all_pids( domain )
Summary

Read all process ID files.

Parameters
Parameter:Description:
domain

Domain allowed access.

files_read_all_symlinks( domain )
Summary

Read all symbolic links.

Parameters
Parameter:Description:
domain

Domain allowed access.

files_read_all_symlinks_except( domain , exception_types )
Summary

Read all symbolic links on the filesystem, except the listed exceptions.

Parameters
Parameter:Description:
domain

Domain allowed access.

exception_types

The types to be excluded. Each type or attribute must be negated by the caller.
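How the exception_types argument is written, added here as an illustration (not taken from the reference policy): the interfaces build the set { file_type <exception_types> }, so the caller writes each excluded type with a leading minus sign. mybackup_t, mybackup_exec_t and mybackup_key_t are assumed names; shadow_t is the type the authlogin module applies to /etc/shadow and is made visible with gen_require. The same convention applies to the other interfaces on this page that take an exception_types parameter, such as files_relabel_all_files() and files_rw_all_files().

```selinux
# Added example, not from the reference policy. The mybackup_* names
# are assumed for illustration.
policy_module(mybackup, 1.0.0)

gen_require(`
    # A type named in an exception list must be visible to this module.
    type shadow_t;
')

type mybackup_t;
type mybackup_exec_t;
init_daemon_domain(mybackup_t, mybackup_exec_t)

# Read every directory, file and symbolic link on the system except the
# password hash file. Each excluded type is written negated; the
# interfaces expand to allow rules on { file_type -shadow_t }.
files_read_all_dirs_except(mybackup_t, -shadow_t)
files_read_all_files_except(mybackup_t, -shadow_t)
files_read_all_symlinks_except(mybackup_t, -shadow_t)

# Several exclusions are separated by whitespace, not commas, so that
# m4 passes them to the interface as a single argument:
#   files_read_all_files_except(mybackup_t, -shadow_t -mybackup_key_t)
```

Passing a bare type name (shadow_t instead of -shadow_t) does not exclude it: the set then simply lists the type twice, and the domain is granted read access to it.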

files_read_all_tmp_files( domain )
Summary

Read all tmp files.

Parameters
Parameter:Description:
domain

Domain allowed access.

files_read_boot_files( domain )
Summary

Read files in the /boot directory.

Parameters
Parameter:Description:
domain

Domain allowed access.

files_read_boot_symlinks( domain )
Summary

Read symbolic links in the /boot directory.

Parameters
Parameter:Description:
domain

Domain allowed access.

files_read_config_files( domain )
Summary

Read config files in /etc.

Parameters
Parameter:Description:
domain

Domain allowed access.

files_read_default_files( domain )
Summary

Read files with the default file type.

Parameters
Parameter:Description:
domain

Domain allowed access.

files_read_default_pipes( domain )
Summary

Read named pipes with the default file type.

Parameters
Parameter:Description:
domain

Domain allowed access.

files_read_default_sockets( domain )
Summary

Read sockets with the default file type.

Parameters
Parameter:Description:
domain

Domain allowed access.

files_read_default_symlinks( domain )
Summary

Read symbolic links with the default file type.

Parameters
Parameter:Description:
domain

Domain allowed access.

files_read_etc_files( domain )
Summary

Read generic files in /etc.

Description

Allow the specified domain to read generic files in /etc. These files are typically general system configuration files that do not have more specific SELinux types. Some examples of these files are:

  • /etc/fstab

  • /etc/passwd

  • /etc/services

  • /etc/shells

This interface does not include access to /etc/shadow.

Generally, it is safe for many domains to have this access. However, since this interface provides access to the /etc/passwd file, caution must be exercised, as user account names can be leaked through this access.

Related interfaces:

  • auth_read_shadow()

  • files_read_etc_runtime_files()

  • seutil_read_config()

Parameters
Parameter:Description:
domain

Domain allowed access.

files_read_etc_runtime_files( domain )
Summary

Read files in /etc that are dynamically created on boot, such as mtab.

Description

Allow the specified domain to read dynamically created configuration files in /etc. These files are typically general system configuration files that do not have more specific SELinux types. Some examples of these files are:

  • /etc/motd

  • /etc/mtab

  • /etc/nologin

This interface does not include access to /etc/shadow.

Parameters
Parameter:Description:
domain

Domain allowed access.

files_read_etc_symlinks( domain )
Summary

Read symbolic links in /etc.

Parameters
Parameter:Description:
domain

Domain allowed access.

files_read_generic_pids( domain )
Summary

Read generic process ID files.

Parameters
Parameter:Description:
domain

Domain allowed access.

files_read_generic_spool( domain )
Summary

Read generic spool files.

Parameters
Parameter:Description:
domain

Domain allowed access.

files_read_generic_tmp_files( domain )
Summary

Read files in the tmp directory (/tmp).

Parameters
Parameter:Description:
domain

Domain allowed access.

files_read_generic_tmp_symlinks( domain )
Summary

Read symbolic links in the tmp directory (/tmp).

Parameters
Parameter:Description:
domain

Domain allowed access.

files_read_isid_type_files( domain )
Summary

Read files on new filesystems that have not yet been labeled. (Deprecated)

Parameters
Parameter:Description:
domain

Domain allowed access.

files_read_kernel_img( domain )
Summary

Read kernel files in the /boot directory.

Parameters
Parameter:Description:
domain

Domain allowed access.

files_read_kernel_modules( domain )
Summary

Read kernel module files.

Parameters
Parameter:Description:
domain

Domain allowed access.

files_read_kernel_symbol_table( domain )
Summary

Read system.map in the /boot directory.

Parameters
Parameter:Description:
domain

Domain allowed access.

files_read_mnt_files( domain )
Summary

Read files in /mnt.

Parameters
Parameter:Description:
domain

Domain allowed access.

files_read_mnt_symlinks( domain )
Summary

Read symbolic links in /mnt.

Parameters
Parameter:Description:
domain

Domain allowed access.

files_read_non_auth_files( domain )
Summary

Read all non-authentication related files.

Parameters
Parameter:Description:
domain

Domain allowed access.

files_read_non_auth_symlinks( domain )
Summary

Read all non-authentication related symbolic links.

Parameters
Parameter:Description:
domain

Domain allowed access.

files_read_non_security_files( domain )
Summary

Read all non-security files.

Parameters
Parameter:Description:
domain

Domain allowed access.

files_read_usr_files( domain )
Summary

Read generic files in /usr.

Description

Allow the specified domain to read generic files in /usr. These files are various program files that do not have more specific SELinux types. Some examples of these files are:

  • /usr/include/*

  • /usr/share/doc/*

  • /usr/share/info/*

Generally, it is safe for many domains to have this access.

Parameters
Parameter:Description:
domain

Domain allowed access.

files_read_usr_src_files( domain )
Summary

Read files in /usr/src.

Parameters
Parameter:Description:
domain

Domain allowed access.

files_read_usr_symlinks( domain )
Summary

Read symbolic links in /usr.

Parameters
Parameter:Description:
domain

Domain allowed access.

files_read_var_files( domain )
Summary

Read files in the /var directory.

Parameters
Parameter:Description:
domain

Domain allowed access.

files_read_var_lib_files( domain )
Summary

Read generic files in /var/lib.

Parameters
Parameter:Description:
domain

Domain allowed access.

files_read_var_lib_symlinks( domain )
Summary

Read generic symbolic links in /var/lib.

Parameters
Parameter:Description:
domain

Domain allowed access.

files_read_var_symlinks( domain )
Summary

Read symbolic links in the /var directory.

Parameters
Parameter:Description:
domain

Domain allowed access.

files_read_world_readable_files( domain )
Summary

Read world-readable files.

Parameters
Parameter:Description:
domain

Domain allowed access.

files_read_world_readable_pipes( domain )
Summary

Read world-readable named pipes.

Parameters
Parameter:Description:
domain

Domain allowed access.

files_read_world_readable_sockets( domain )
Summary

Read world-readable sockets.

Parameters
Parameter:Description:
domain

Domain allowed access.

files_read_world_readable_symlinks( domain )
Summary

Read world-readable symbolic links.

Parameters
Parameter:Description:
domain

Domain allowed access.

files_relabel_all_file_type_fs( domain )
Summary

Relabel a filesystem to the type of a file.

Parameters
Parameter:Description:
domain

Domain allowed access.

files_relabel_all_files( domain , exception_types )
Summary

Relabel all files on the filesystem, except the listed exceptions.

Parameters
Parameter:Description:
domain

Domain allowed access.

exception_types

The types to be excluded. Each type or attribute must be negated by the caller.

files_relabel_all_lock_dirs( domain )
Summary

Relabel to and from all lock directory types.

Parameters
Parameter:Description:
domain

Domain allowed access.

files_relabel_all_tmp_dirs( domain )
Summary

Relabel to and from all temporary directory types.

Parameters
Parameter:Description:
domain

Domain allowed access.

files_relabel_all_tmp_files( domain )
Summary

Relabel to and from all temporary file types.

Parameters
Parameter:Description:
domain

Domain allowed access.

files_relabel_config_dirs( domain )
Summary

Relabel configuration directories.

Parameters
Parameter:Description:
domain

Domain allowed access.

files_relabel_config_files( domain )
Summary

Relabel configuration files.

Parameters
Parameter:Description:
domain

Domain allowed access.

files_relabel_etc_files( domain )
Summary

Relabel from and to generic files in /etc.

Parameters
Parameter:Description:
domain

Domain allowed access.

files_relabel_kernel_modules( domain )
Summary

Relabel from and to kernel module files.

Parameters
Parameter:Description:
domain

Domain allowed access.

files_relabel_non_auth_files( domain )
Summary

Relabel all non-authentication related files.

Parameters
Parameter:Description:
domain

Domain allowed access.

files_relabel_rootfs( domain )
Summary

Relabel to and from rootfs file system.

Parameters
Parameter:Description:
domain

Domain allowed access.

files_relabelfrom_boot_files( domain )
Summary

Relabel from files in the /boot directory.

Parameters
Parameter:Description:
domain

Domain allowed access.

files_relabelfrom_usr_files( domain )
Summary

Relabel a file from the type used in /usr.

Parameters
Parameter:Description:
domain

Domain allowed access.

files_relabelto_all_file_type_fs( domain )
Summary

Relabel a filesystem to the type of a file.

Parameters
Parameter:Description:
domain

Domain allowed access.

files_relabelto_home( domain )
Summary

Relabel to user home root (/home).

Parameters
Parameter:Description:
domain

Domain allowed access.

files_relabelto_usr_files( domain )
Summary

Relabel a file to the type used in /usr.

Parameters
Parameter:Description:
domain

Domain allowed access.

files_root_filetrans( domain , private type , object , name )
Summary

Create an object in the root directory, with a private type using a type transition.

Parameters
Parameter:Description:
domain

Domain allowed access.

private type

The type of the object to be created.

object

The object class of the object being created.

name

The name of the object being created.

files_rw_all_files( domain , exception_types )
Summary

Read and write all files on the filesystem, except the listed exceptions.

Parameters
Parameter:Description:
domain

Domain allowed access.

exception_types

The types to be excluded. Each type or attribute must be negated by the caller.

files_rw_boot_symlinks( domain )
Summary

Read and write symbolic links in the /boot directory.

Parameters
Parameter:Description:
domain

Domain allowed access.

files_rw_etc_dirs( domain )
Summary

Add and remove entries from /etc directories.

Parameters
Parameter:Description:
domain

Domain allowed access.

files_rw_etc_files( domain )
Summary

Read and write generic files in /etc.

Parameters
Parameter:Description:
domain

Domain allowed access.

files_rw_etc_runtime_files( domain )
Summary

Read and write files in /etc that are dynamically created on boot, such as mtab.

Parameters
Parameter:Description:
domain

Domain allowed access.

files_rw_generic_pids( domain )
Summary

Read and write generic process ID files.

Parameters
Parameter:Description:
domain

Domain allowed access.

files_rw_generic_tmp_sockets( domain )
Summary

Read and write generic named sockets in the tmp directory (/tmp).

Parameters
Parameter:Description:
domain

Domain allowed access.

files_rw_isid_type_blk_files( domain )
Summary

Read and write block device nodes on new filesystems that have not yet been labeled. (Deprecated)

Parameters
Parameter:Description:
domain

Domain allowed access.

files_rw_isid_type_dirs( domain )
Summary

Read and write directories on new filesystems that have not yet been labeled. (Deprecated)

Parameters
Parameter:Description:
domain

Domain allowed access.

files_rw_lock_dirs( domain )
Summary

Add and remove entries in the /var/lock directories.

Parameters
Parameter:Description:
domain

Domain allowed access.

files_rw_non_auth_files( domain )
Summary

Read and write non-authentication related files.

Parameters
Parameter:Description:
domain

Domain allowed access.

files_rw_usr_dirs( domain )
Summary

Add and remove entries from /usr directories.

Parameters
Parameter:Description:
domain

Domain allowed access.

files_rw_var_files( domain )
Summary

Read and write files in the /var directory.

Parameters
Parameter:Description:
domain

Domain allowed access.

files_rw_var_lib_dirs( domain )
Summary

Read and write /var/lib directories.

Parameters
Parameter:Description:
domain

Domain allowed access.

files_search_all( domain )
Summary

Search the contents of all directories on extended attribute filesystems.

Parameters
Parameter:Description:
domain

Domain allowed access.

files_search_all_mountpoints( domain )
Summary

Search all mount points.

Parameters
Parameter:Description:
domain

Domain allowed access.

files_search_boot( domain )
Summary

Search the /boot directory.

Parameters
Parameter:Description:
domain

Domain allowed access.

files_search_default( domain )
Summary

Search the contents of directories with the default file type.

Parameters
Parameter:Description:
domain

Domain allowed access.

files_search_etc( domain )
Summary

Search the contents of /etc directories.

Parameters
Parameter:Description:
domain

Domain allowed access.

files_search_home( domain )
Summary

Search home directories root (/home).

Parameters
Parameter:Description:
domain

Domain allowed access.

files_search_kernel_modules( domain )
Summary

Search the contents of the kernel module directories.

Parameters
Parameter:Description:
domain

Domain allowed access.

files_search_locks( domain )
Summary

Search the locks directory (/var/lock).

Parameters
Parameter:Description:
domain

Domain allowed access.

files_search_mnt( domain )
Summary

Search the contents of /mnt.

Parameters
Parameter:Description:
domain

Domain allowed access.

files_search_pids( domain )
Summary

Search the contents of runtime process ID directories (/var/run).

Parameters
Parameter:Description:
domain

Domain allowed access.

files_search_spool( domain )
Summary

Search the contents of generic spool directories (/var/spool).

Parameters
Parameter:Description:
domain

Domain allowed access.

files_search_tmp( domain )
Summary

Search the tmp directory (/tmp).

Parameters
Parameter:Description:
domain

Domain allowed access.

files_search_usr( domain )
Summary

Search the content of /usr.

Parameters
Parameter:Description:
domain

Domain allowed access.

files_search_var( domain )
Summary

Search the contents of /var.

Parameters
Parameter:Description:
domain

Domain allowed access.

files_search_var_lib( domain )
Summary

Search the /var/lib directory.

Description

Search the /var/lib directory. This is necessary to access files or directories under /var/lib that have a private type. For example, a domain accessing a private library file in the /var/lib directory:

    allow mydomain_t mylibfile_t:file read_file_perms;
    files_search_var_lib(mydomain_t)

Parameters
Parameter:Description:
domain

Domain allowed access.

files_security_file( file_type )
Summary

Make the specified type a security file, i.e. a file whose access denials are not dontaudited when user domains browse the filesystem.

Parameters
Parameter:Description:
file_type

Type of the file to be marked as a security file.

files_security_mountpoint( type )
Summary

Make the specified type usable for security file filesystem mount points.

Parameters
Parameter:Description:
type

Type to be used for mount points.

files_setattr_all_mountpoints( domain )
Summary

Set the attributes of all mount points.

Parameters
Parameter:Description:
domain

Domain allowed access.

files_setattr_all_tmp_dirs( domain )
Summary

Set the attributes of all tmp directories.

Parameters
Parameter:Description:
domain

Domain allowed access.

files_setattr_etc_dirs( domain )
Summary

Set the attributes of the /etc directories.

Parameters
Parameter:Description:
domain

Domain allowed access.

files_setattr_lock_dirs( domain )
Summary

Set the attributes of the generic lock directories.

Parameters
Parameter:Description:
domain

Domain allowed access.

files_setattr_pid_dirs( domain )
Summary

Set the attributes of the /var/run directory.

Parameters
Parameter:Description:
domain

Domain allowed access.

files_setattr_usr_dirs( domain )
Summary

Set the attributes of the /usr directory.

Parameters
Parameter:Description:
domain

Domain allowed access.

files_spool_filetrans( domain , file , class , name )
Summary

Create objects in the spool directory with a private type with a type transition.

Parameters
Parameter:Description:
domain

Domain allowed access.

file

Type to which the created node will be transitioned.

class

Object class, or set of classes enclosed in braces, for which the transition will occur.

name

The name of the object being created.

files_tmp_file( file_type )
Summary

Make the specified type a file used for temporary files.

Description

Make the specified type usable for temporary files. This will also make the type usable for files, making calls to files_type() redundant. Failure to use this interface for a temporary file may result in problems with purging temporary files.

Related interfaces:

  • files_tmp_filetrans()

Example usage with a domain that can create and write its temporary file in the system temporary file directories (/tmp or /var/tmp):

    type mytmpfile_t;
    files_tmp_file(mytmpfile_t)
    allow mydomain_t mytmpfile_t:file { create_file_perms write_file_perms };
    files_tmp_filetrans(mydomain_t, mytmpfile_t, file)

Parameters
Parameter:Description:
file_type

Type of the file to be used as a temporary file.

files_tmp_filetrans( domain , private type , object , name )
Summary

Create an object in the tmp directories, with a private type using a type transition.

Parameters
Parameter:Description:
domain

Domain allowed access.

private type

The type of the object to be created.

object

The object class of the object being created.

name

The name of the object being created.
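Extending the files_tmp_file() example above to a domain that needs a private temporary directory holding files and a Unix socket, added here as an illustration (not from the reference policy). What it shows that the single-class example does not: the object class argument of files_tmp_filetrans() accepts a set, so one rule covers directories, files and socket files, and nothing the domain creates directly in /tmp or /var/tmp is left with the generic temporary type. The names mydomain_t, mydomain_exec_t and mydomain_tmp_t are assumed; manage_*_pattern() are the reference policy's support macros.

```selinux
# Added example, not from the reference policy. The mydomain_* names
# are assumed for illustration.
policy_module(mydomain, 1.0.0)

type mydomain_t;
type mydomain_exec_t;
init_daemon_domain(mydomain_t, mydomain_exec_t)

# Private temporary content. files_tmp_file() also makes this a file
# type and a temporary file type, so the purge and relabel interfaces
# used by cleanup tools (files_purge_tmp, files_relabel_all_tmp_files)
# cover it.
type mydomain_tmp_t;
files_tmp_file(mydomain_tmp_t)

manage_dirs_pattern(mydomain_t, mydomain_tmp_t, mydomain_tmp_t)
manage_files_pattern(mydomain_t, mydomain_tmp_t, mydomain_tmp_t)
manage_sock_files_pattern(mydomain_t, mydomain_tmp_t, mydomain_tmp_t)

# One transition rule for all three classes: any directory, file or
# socket file that mydomain_t creates directly in /tmp or /var/tmp is
# labeled mydomain_tmp_t rather than the generic temporary type.
# Objects created inside the private directory take its label by
# default, so no further rule is needed for them.
files_tmp_filetrans(mydomain_t, mydomain_tmp_t, { dir file sock_file })
```

Omitting a class from the set is the usual cause of a socket in /tmp ending up with the generic temporary type while the directory beside it is labeled correctly; an AVC denial on the socket with the generic type is the symptom to look for.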

files_tmpfs_file( type )
Summary

Transform the type into a file, for use on a virtual memory filesystem (tmpfs).

Parameters
Parameter:Description:
type

The type to be transformed.

files_type( type )
Summary

Make the specified type usable for files in a filesystem.

Description

Make the specified type usable for files in a filesystem. Types used for files that do not use this interface, or an interface that calls this one, will have unexpected behaviors while the system is running. If the type is used for device nodes (character or block files), then the dev_node() interface is more appropriate.

Related interfaces:

  • application_domain()

  • application_executable_file()

  • corecmd_executable_file()

  • init_daemon_domain()

  • init_domain()

  • init_ranged_daemon_domain()

  • init_ranged_domain()

  • init_ranged_system_domain()

  • init_script_file()

  • init_script_domain()

  • init_system_domain()

  • files_config_file()

  • files_lock_file()

  • files_mountpoint()

  • files_pid_file()

  • files_security_file()

  • files_security_mountpoint()

  • files_tmp_file()

  • files_tmpfs_file()

  • logging_log_file()

  • userdom_user_home_content()

Example:

    type myfile_t;
    files_type(myfile_t)
    allow mydomain_t myfile_t:file read_file_perms;

Parameters
Parameter:Description:
type

Type to be used for files.

files_unconfined( domain )
Summary

Unconfined access to files.

Parameters
Parameter:Description:
domain

Domain allowed access.

files_unmount_all_file_type_fs( domain )
Summary

Unmount all filesystems with the type of a file.

Parameters
Parameter:Description:
domain

Domain allowed access.

files_unmount_rootfs( domain )
Summary

Unmount a rootfs filesystem.

Parameters
Parameter:Description:
domain

Domain allowed access.

files_usr_filetrans( domain , file_type , object_class , name )
Summary

Create objects in the /usr directory.

Parameters
Parameter:Description:
domain

Domain allowed access.

file_type

The type of the object to be created.

object_class

The object class.

name

The name of the object being created.

files_var_filetrans( domain , file_type , object_class , name )
Summary

Create objects in the /var directory.

Parameters
Parameter:Description:
domain

Domain allowed access.

file_type

The type of the object to be created.

object_class

The object class.

name

The name of the object being created.

files_var_lib_filetrans( domain , file_type , object_class , name )
Summary

Create objects in the /var/lib directory.

Parameters
Parameter:Description:
domain

Domain allowed access.

file_type

The type of the object to be created.

object_class

The object class.

name

The name of the object being created.

files_write_generic_pid_pipes( domain )
Summary

Write generic named pipes in the process ID directories.

Parameters
Parameter:Description:
domain

Domain allowed access.

files_write_kernel_modules( domain )
Summary

Write kernel module files.

Parameters
Parameter:Description:
domain

Domain allowed access.

files_write_non_security_dirs( domain )
Summary

Allow attempts to write to all non-security directories.

Parameters
Parameter:Description:
domain

Domain allowed access.

files_write_var_dirs( domain )
Summary

Allow attempts to write to /var directories.

Parameters
Parameter:Description:
domain

Domain allowed access.
