Layer: kernel

Module: filesystem

Interfaces

Description:

Policy for filesystems.

This module is required to be included in all policies.


Interfaces:

fs_append_cifs_files( domain )
Summary

Append files on a CIFS filesystem.

Parameters
Parameter:Description:
domain

Domain allowed access.

fs_append_nfs_files( domain )
Summary

Append files on a NFS filesystem.

Parameters
Parameter:Description:
domain

Domain allowed access.

fs_associate( file_type )
Summary

Associate the specified file type to persistent filesystems with extended attributes. This allows a file of this type to be created on a filesystem such as ext3, JFS, and XFS.

Parameters
Parameter:Description:
file_type

The type of the to be associated.

fs_associate_hugetlbfs( type )
Summary

Allow the type to associate to hugetlbfs filesystems.

Parameters
Parameter:Description:
type

The type of the object to be associated.

fs_associate_noxattr( file_type )
Summary

Associate the specified file type to filesystems which lack extended attributes support. This allows a file of this type to be created on a filesystem such as FAT32, and NFS.

Parameters
Parameter:Description:
file_type

The type of the to be associated.

fs_associate_ramfs( type )
Summary

Allow the type to associate to ramfs filesystems.

Parameters
Parameter:Description:
type

The type of the object to be associated.

fs_associate_tmpfs( type )
Summary

Allow the type to associate to tmpfs filesystems.

Parameters
Parameter:Description:
type

The type of the object to be associated.

fs_cifs_domtrans( domain , target_domain )
Summary

Execute a file on a CIFS or SMB filesystem in the specified domain.

Description

Execute a file on a CIFS or SMB filesystem in the specified domain. This allows the specified domain to execute any file on these filesystems in the specified domain. This is not suggested.

No interprocess communication (signals, pipes, etc.) is provided by this interface since the domains are not owned by this module.

This interface was added to handle home directories on CIFS/SMB filesystems, in particular used by the ssh-agent policy.

Parameters
Parameter:Description:
domain

Domain allowed to transition.

target_domain

The type of the new process.

fs_delete_cgroup_dirs( domain )
Summary

Delete cgroup directories.

Parameters
Parameter:Description:
domain

Domain allowed access.

fs_dontaudit_append_cifs_files( domain )
Summary

dontaudit Append files on a CIFS filesystem.

Parameters
Parameter:Description:
domain

Domain to not audit.

fs_dontaudit_append_nfs_files( domain )
Summary

dontaudit Append files on a NFS filesystem.

Parameters
Parameter:Description:
domain

Domain to not audit.

fs_dontaudit_getattr_all_files( domain )
Summary

Do not audit attempts to get the attributes of all files with a filesystem type.

Parameters
Parameter:Description:
domain

Domain to not audit.

fs_dontaudit_getattr_all_fs( domain )
Summary

Do not audit attempts to get the attributes all filesystems.

Parameters
Parameter:Description:
domain

Domain to not audit.

fs_dontaudit_getattr_all_pipes( domain )
Summary

Do not audit attempts to get the attributes of all named pipes with a filesystem type.

Parameters
Parameter:Description:
domain

Domain to not audit.

fs_dontaudit_getattr_all_sockets( domain )
Summary

Do not audit attempts to get the attributes of all named sockets with a filesystem type.

Parameters
Parameter:Description:
domain

Domain to not audit.

fs_dontaudit_getattr_all_symlinks( domain )
Summary

Do not audit attempts to get the attributes of all symbolic links with a filesystem type.

Parameters
Parameter:Description:
domain

Domain to not audit.

fs_dontaudit_getattr_tmpfs_dirs( domain )
Summary

Do not audit attempts to get the attributes of tmpfs directories.

Parameters
Parameter:Description:
domain

Domain to not audit.

fs_dontaudit_getattr_tmpfs_files( domain )
Summary

Do not audit attempts to getattr generic tmpfs files.

Parameters
Parameter:Description:
domain

Domain to not audit.

fs_dontaudit_getattr_xattr_fs( domain )
Summary

Do not audit attempts to get the attributes of a persistent filesystem which has extended attributes, such as ext3, JFS, or XFS.

Parameters
Parameter:Description:
domain

Domain to not audit.

fs_dontaudit_list_auto_mountpoints( domain )
Summary

Do not audit attempts to list directories of automatically mounted filesystems.

Parameters
Parameter:Description:
domain

Domain to not audit.

fs_dontaudit_list_cifs( domain )
Summary

Do not audit attempts to list the contents of directories on a CIFS or SMB filesystem.

Parameters
Parameter:Description:
domain

Domain to not audit.

fs_dontaudit_list_cifs_dirs( domain )
Summary

Do not audit attempts to read dirs on a CIFS or SMB filesystem.

Parameters
Parameter:Description:
domain

Domain to not audit.

fs_dontaudit_list_fusefs( domain )
Summary

Do not audit attempts to list the contents of directories on a FUSEFS filesystem.

Parameters
Parameter:Description:
domain

Domain to not audit.

fs_dontaudit_list_inotifyfs( domain )
Summary

Dontaudit List inotifyfs filesystem.

Parameters
Parameter:Description:
domain

Domain to not audit.

fs_dontaudit_list_nfs( domain )
Summary

Do not audit attempts to list the contents of directories on a NFS filesystem.

Parameters
Parameter:Description:
domain

Domain to not audit.

fs_dontaudit_list_noxattr_fs( domain )
Summary

Do not audit attempts to list all noxattrfs directories.

Parameters
Parameter:Description:
domain

Domain to not audit.

fs_dontaudit_list_removable( domain )
Summary

Do not audit attempts to list removable storage directories.

Parameters
Parameter:Description:
domain

Domain not to audit.

fs_dontaudit_list_tmpfs( domain )
Summary

Do not audit attempts to list the contents of generic tmpfs directories.

Parameters
Parameter:Description:
domain

Domain to not audit.

fs_dontaudit_manage_cifs_dirs( domain )
Summary

Do not audit attempts to create, read, write, and delete directories on a CIFS or SMB network filesystem.

Parameters
Parameter:Description:
domain

Domain to not audit.

fs_dontaudit_manage_cifs_files( domain )
Summary

Do not audit attempts to create, read, write, and delete files on a CIFS or SMB network filesystem.

Parameters
Parameter:Description:
domain

Domain to not audit.

fs_dontaudit_manage_fusefs_dirs( domain )
Summary

Do not audit attempts to create, read, write, and delete directories on a FUSEFS filesystem.

Parameters
Parameter:Description:
domain

Domain to not audit.

fs_dontaudit_manage_fusefs_files( domain )
Summary

Do not audit attempts to create, read, write, and delete files on a FUSEFS filesystem.

Parameters
Parameter:Description:
domain

Domain to not audit.

fs_dontaudit_manage_nfs_dirs( domain )
Summary

Do not audit attempts to create, read, write, and delete directories on a NFS filesystem.

Parameters
Parameter:Description:
domain

Domain to not audit.

fs_dontaudit_manage_nfs_files( domain )
Summary

Do not audit attempts to create, read, write, and delete files on a NFS filesystem.

Parameters
Parameter:Description:
domain

Domain to not audit.

fs_dontaudit_manage_xenfs_dirs( domain )
Summary

Do not audit attempts to create, read, write, and delete directories on a XENFS filesystem.

Parameters
Parameter:Description:
domain

Domain to not audit.

fs_dontaudit_manage_xenfs_files( domain )
Summary

Do not audit attempts to create, read, write, and delete files on a XENFS filesystem.

Parameters
Parameter:Description:
domain

Domain to not audit.

fs_dontaudit_read_cifs_files( domain )
Summary

Do not audit attempts to read files on a CIFS or SMB filesystem.

Parameters
Parameter:Description:
domain

Domain to not audit.

fs_dontaudit_read_nfs_files( domain )
Summary

Do not audit attempts to read files on a NFS filesystem.

Parameters
Parameter:Description:
domain

Domain to not audit.

fs_dontaudit_read_nfs_symlinks( domain )
Summary

Dontaudit read symbolic links on a NFS filesystem.

Parameters
Parameter:Description:
domain

Domain to not audit.

fs_dontaudit_read_noxattr_fs_files( domain )
Summary

Do not audit attempts to read all noxattrfs files.

Parameters
Parameter:Description:
domain

Domain to not audit.

fs_dontaudit_read_ramfs_files( domain )
Summary

Dontaudit read on a ramfs files.

Parameters
Parameter:Description:
domain

Domain to not audit.

fs_dontaudit_read_ramfs_pipes( domain )
Summary

Dontaudit read on a ramfs fifo_files.

Parameters
Parameter:Description:
domain

Domain to not audit.

fs_dontaudit_read_removable_files( domain )
Summary

Do not audit attempts to read removable storage files.

Parameters
Parameter:Description:
domain

Domain not to audit.

fs_dontaudit_rw_anon_inodefs_files( domain )
Summary

Do not audit attempts to read or write files on anon_inodefs file systems.

Parameters
Parameter:Description:
domain

Domain to not audit.

fs_dontaudit_rw_cgroup_files( domain )
Summary

Do not audit attempts to open, get attributes, read and write cgroup files.

Parameters
Parameter:Description:
domain

Domain to not audit.

fs_dontaudit_rw_cifs_files( domain )
Summary

Do not audit attempts to read or write files on a CIFS or SMB filesystem.

Parameters
Parameter:Description:
domain

Domain to not audit.

fs_dontaudit_rw_nfs_files( domain )
Summary

Do not audit attempts to read or write files on a NFS filesystem.

Parameters
Parameter:Description:
domain

Domain to not audit.

fs_dontaudit_rw_tmpfs_files( domain )
Summary

Do not audit attempts to read or write generic tmpfs files.

Parameters
Parameter:Description:
domain

Domain to not audit.

fs_dontaudit_search_ramfs( domain )
Summary

Dontaudit Search directories on a ramfs

Parameters
Parameter:Description:
domain

Domain to not audit.

fs_dontaudit_use_tmpfs_chr_dev( domain )
Summary

dontaudit Read and write character nodes on tmpfs filesystems.

Parameters
Parameter:Description:
domain

Domain to not audit.

fs_dontaudit_write_noxattr_fs_files( domain )
Summary

Dont audit attempts to write to noxattrfs files.

Parameters
Parameter:Description:
domain

Domain to not audit.

fs_dontaudit_write_ramfs_pipes( domain )
Summary

Do not audit attempts to write to named pipes on a ramfs filesystem.

Parameters
Parameter:Description:
domain

Domain to not audit.

fs_dontaudit_write_removable_files( domain )
Summary

Do not audit attempts to write removable storage files.

Parameters
Parameter:Description:
domain

Domain not to audit.

fs_dontaudit_write_tmpfs_dirs( domain )
Summary

Do not audit attempts to write tmpfs directories

Parameters
Parameter:Description:
domain

Domain to not audit.

fs_exec_cifs_files( domain )
Summary

Execute files on a CIFS or SMB network filesystem, in the caller domain.

Parameters
Parameter:Description:
domain

Domain allowed access.

fs_exec_fusefs_files( domain )
Summary

Execute files on a FUSEFS filesystem.

Parameters
Parameter:Description:
domain

Domain allowed access.

fs_exec_nfs_files( domain )
Summary

Execute files on a NFS filesystem.

Parameters
Parameter:Description:
domain

Domain allowed access.

fs_exec_noxattr( domain )
Summary

Execute files on a filesystem that does not support extended attributes.

Parameters
Parameter:Description:
domain

Domain allowed access.

fs_get_all_fs_quotas( domain )
Summary

Get the quotas of all filesystems.

Parameters
Parameter:Description:
domain

Domain allowed access.

fs_get_xattr_fs_quotas( domain )
Summary

Get the filesystem quotas of a filesystem with extended attributes.

Parameters
Parameter:Description:
domain

Domain allowed access.

fs_getattr_all_blk_files( domain )
Summary

Get the attributes of all block device nodes with a filesystem type.

Parameters
Parameter:Description:
domain

Domain allowed access.

fs_getattr_all_chr_files( domain )
Summary

Get the attributes of all character device nodes with a filesystem type.

Parameters
Parameter:Description:
domain

Domain allowed access.

fs_getattr_all_dirs( domain )
Summary

Get the attributes of all directories with a filesystem type.

Parameters
Parameter:Description:
domain

Domain allowed access.

fs_getattr_all_files( domain )
Summary

Get the attributes of all files with a filesystem type.

Parameters
Parameter:Description:
domain

Domain allowed access.

fs_getattr_all_fs( domain )
Summary

Get the attributes of all filesystems.

Description

Allow the specified domain to et the attributes of all filesystems. Example attributes:

  • Type of the file system (e.g., ext3)

  • Size of the file system

  • Available space on the file system

Parameters
Parameter:Description:
domain

Domain allowed access.

fs_getattr_all_pipes( domain )
Summary

Get the attributes of all named pipes with a filesystem type.

Parameters
Parameter:Description:
domain

Domain allowed access.

fs_getattr_all_sockets( domain )
Summary

Get the attributes of all named sockets with a filesystem type.

Parameters
Parameter:Description:
domain

Domain allowed access.

fs_getattr_all_symlinks( domain )
Summary

Get the attributes of all symbolic links with a filesystem type.

Parameters
Parameter:Description:
domain

Domain allowed access.

fs_getattr_autofs( domain )
Summary

Get the attributes of an automount pseudo filesystem.

Parameters
Parameter:Description:
domain

Domain allowed access.

fs_getattr_binfmt_misc_dirs( domain )
Summary

Get the attributes of directories on binfmt_misc filesystems.

Parameters
Parameter:Description:
domain

Domain allowed access.

fs_getattr_cgroup( domain )
Summary

Get attributes of cgroup filesystems.

Parameters
Parameter:Description:
domain

Domain allowed access.

fs_getattr_cifs( domain )
Summary

Get the attributes of a CIFS or SMB network filesystem.

Parameters
Parameter:Description:
domain

Domain allowed access.

fs_getattr_dos_fs( domain )
Summary

Get the attributes of a DOS filesystem, such as FAT32 or NTFS.

Parameters
Parameter:Description:
domain

Domain allowed access.

fs_getattr_hugetlbfs( domain )
Summary

Get the attributes of an hugetlbfs filesystem.

Parameters
Parameter:Description:
domain

Domain allowed access.

fs_getattr_iso9660_files( domain )
Summary

Read files on an iso9660 filesystem, which is usually used on CDs.

Parameters
Parameter:Description:
domain

Domain allowed access.

fs_getattr_iso9660_fs( domain )
Summary

Get the attributes of an iso9660 filesystem, which is usually used on CDs.

Parameters
Parameter:Description:
domain

Domain allowed access.

fs_getattr_nfs( domain )
Summary

Get the attributes of a NFS filesystem.

Parameters
Parameter:Description:
domain

Domain allowed access.

fs_getattr_nfsd_files( domain )
Summary

Getattr files on an nfsd filesystem

Parameters
Parameter:Description:
domain

Domain allowed access.

fs_getattr_nfsd_fs( domain )
Summary

Get the attributes of a NFS server pseudo filesystem.

Parameters
Parameter:Description:
domain

Domain allowed access.

fs_getattr_noxattr_fs( domain )
Summary

Get the attributes of filesystems that do not have extended attribute support.

Parameters
Parameter:Description:
domain

Domain allowed access.

fs_getattr_ramfs( domain )
Summary

Get the attributes of a RAM filesystem.

Parameters
Parameter:Description:
domain

Domain allowed access.

fs_getattr_romfs( domain )
Summary

Get the attributes of a ROM filesystem.

Parameters
Parameter:Description:
domain

Domain allowed access.

fs_getattr_rpc_dirs( domain )
Summary

Read directories of RPC file system pipes.

Parameters
Parameter:Description:
domain

Domain allowed access.

fs_getattr_rpc_pipefs( domain )
Summary

Get the attributes of a RPC pipe filesystem.

Parameters
Parameter:Description:
domain

Domain allowed access.

fs_getattr_tmpfs( domain )
Summary

Get the attributes of a tmpfs filesystem.

Parameters
Parameter:Description:
domain

Domain allowed access.

fs_getattr_tmpfs_dirs( domain )
Summary

Get the attributes of tmpfs directories.

Parameters
Parameter:Description:
domain

Domain allowed access.

fs_getattr_xattr_fs( domain )
Summary

Get the attributes of persistent filesystems which have extended attributes, such as ext3, JFS, or XFS.

Description

Allow the specified domain to get the attributes of a persistent filesystems which have extended attributes, such as ext3, JFS, or XFS. Example attributes:

  • Type of the file system (e.g., ext3)

  • Size of the file system

  • Available space on the file system

Parameters
Parameter:Description:
domain

Domain allowed access.

fs_hugetlbfs_filetrans( domain , private type , object , name )
Summary

Create an object in a hugetlbfs filesystem, with a private type using a type transition.

Parameters
Parameter:Description:
domain

Domain allowed access.

private type

The type of the object to be created.

object

The object class of the object being created.

name

The name of the object being created.

fs_list_all( domain )
Summary

List all directories with a filesystem type.

Parameters
Parameter:Description:
domain

Domain allowed access.

fs_list_auto_mountpoints( domain )
Summary

Read directories of automatically mounted filesystems.

Parameters
Parameter:Description:
domain

Domain allowed access.

fs_list_cgroup_dirs( domain )
Summary

list cgroup directories.

Parameters
Parameter:Description:
domain

Domain allowed access.

fs_list_cifs( domain )
Summary

List the contents of directories on a CIFS or SMB filesystem.

Parameters
Parameter:Description:
domain

Domain allowed access.

fs_list_dos( domain )
Summary

List dirs DOS filesystem.

Parameters
Parameter:Description:
domain

Domain allowed access.

fs_list_hugetlbfs( domain )
Summary

List hugetlbfs.

Parameters
Parameter:Description:
domain

Domain allowed access.

fs_list_inotifyfs( domain )
Summary

List inotifyfs filesystem.

Parameters
Parameter:Description:
domain

Domain allowed access.

fs_list_nfs( domain )
Summary

List NFS filesystem.

Parameters
Parameter:Description:
domain

Domain allowed access.

fs_list_nfsd_fs( domain )
Summary

List NFS server directories.

Parameters
Parameter:Description:
domain

Domain allowed access.

fs_list_noxattr_fs( domain )
Summary

Read all noxattrfs directories.

Parameters
Parameter:Description:
domain

Domain allowed access.

fs_list_rpc( domain )
Summary

Read directories of RPC file system pipes.

Parameters
Parameter:Description:
domain

Domain allowed access.

fs_list_tmpfs( domain )
Summary

List the contents of generic tmpfs directories.

Parameters
Parameter:Description:
domain

Domain allowed access.

fs_manage_auto_mountpoints( domain )
Summary

Create, read, write, and delete auto moutpoints.

Parameters
Parameter:Description:
domain

Domain allowed access.

fs_manage_autofs_symlinks( domain )
Summary

Create, read, write, and delete symbolic links on an autofs filesystem.

Parameters
Parameter:Description:
domain

Domain allowed access.

fs_manage_cgroup_dirs( domain )
Summary

Manage cgroup directories.

Parameters
Parameter:Description:
domain

Domain allowed access.

fs_manage_cgroup_files( domain )
Summary

Manage cgroup files.

Parameters
Parameter:Description:
domain

Domain allowed access.

fs_manage_cifs_dirs( domain )
Summary

Create, read, write, and delete directories on a CIFS or SMB network filesystem.

Parameters
Parameter:Description:
domain

Domain allowed access.

fs_manage_cifs_files( domain )
Summary

Create, read, write, and delete files on a CIFS or SMB network filesystem.

Parameters
Parameter:Description:
domain

Domain allowed access.

fs_manage_cifs_named_pipes( domain )
Summary

Create, read, write, and delete named pipes on a CIFS or SMB network filesystem.

Parameters
Parameter:Description:
domain

Domain allowed access.

fs_manage_cifs_named_sockets( domain )
Summary

Create, read, write, and delete named sockets on a CIFS or SMB network filesystem.

Parameters
Parameter:Description:
domain

Domain allowed access.

fs_manage_cifs_symlinks( domain )
Summary

Create, read, write, and delete symbolic links on a CIFS or SMB network filesystem.

Parameters
Parameter:Description:
domain

Domain allowed access.

fs_manage_configfs_dirs( domain )
Summary

Create, read, write, and delete dirs on a configfs filesystem.

Parameters
Parameter:Description:
domain

Domain allowed access.

fs_manage_configfs_files( domain )
Summary

Create, read, write, and delete files on a configfs filesystem.

Parameters
Parameter:Description:
domain

Domain allowed access.

fs_manage_dos_dirs( domain )
Summary

Create, read, write, and delete dirs on a DOS filesystem.

Parameters
Parameter:Description:
domain

Domain allowed access.

fs_manage_dos_files( domain )
Summary

Create, read, write, and delete files on a DOS filesystem.

Parameters
Parameter:Description:
domain

Domain allowed access.

fs_manage_fusefs_dirs( domain )
Summary

Create, read, write, and delete directories on a FUSEFS filesystem.

Parameters
Parameter:Description:
domain

Domain allowed access.

fs_manage_fusefs_files( domain )
Summary

Create, read, write, and delete files on a FUSEFS filesystem.

Parameters
Parameter:Description:
domain

Domain allowed access.

fs_manage_hugetlbfs_dirs( domain )
Summary

Manage hugetlbfs dirs.

Parameters
Parameter:Description:
domain

Domain allowed access.

fs_manage_nfs_dirs( domain )
Summary

Create, read, write, and delete directories on a NFS filesystem.

Parameters
Parameter:Description:
domain

Domain allowed access.

fs_manage_nfs_files( domain )
Summary

Create, read, write, and delete files on a NFS filesystem.

Parameters
Parameter:Description:
domain

Domain allowed access.

fs_manage_nfs_named_pipes( domain )
Summary

Create, read, write, and delete named pipes on a NFS filesystem.

Parameters
Parameter:Description:
domain

Domain allowed access.

fs_manage_nfs_named_sockets( domain )
Summary

Create, read, write, and delete named sockets on a NFS filesystem.

Parameters
Parameter:Description:
domain

Domain allowed access.

fs_manage_nfs_symlinks( domain )
Summary

Create, read, write, and delete symbolic links on a NFS network filesystem.

Parameters
Parameter:Description:
domain

Domain allowed access.

fs_manage_noxattr_fs_dirs( domain )
Summary

Create, read, write, and delete all noxattrfs directories.

Parameters
Parameter:Description:
domain

Domain allowed access.

fs_manage_noxattr_fs_files( domain )
Summary

Create, read, write, and delete all noxattrfs files.

Parameters
Parameter:Description:
domain

Domain allowed access.

fs_manage_ramfs_dirs( domain )
Summary

Create, read, write, and delete directories on a ramfs.

Parameters
Parameter:Description:
domain

Domain allowed access.

fs_manage_ramfs_files( domain )
Summary

Create, read, write, and delete files on a ramfs filesystem.

Parameters
Parameter:Description:
domain

Domain allowed access.

fs_manage_ramfs_pipes( domain )
Summary

Create, read, write, and delete named pipes on a ramfs filesystem.

Parameters
Parameter:Description:
domain

Domain allowed access.

fs_manage_ramfs_sockets( domain )
Summary

Create, read, write, and delete named sockets on a ramfs filesystem.

Parameters
Parameter:Description:
domain

Domain allowed access.

fs_manage_tmpfs_blk_files( domain )
Summary

Read and write, create and delete block nodes on tmpfs filesystems.

Parameters
Parameter:Description:
domain

Domain allowed access.

fs_manage_tmpfs_chr_files( domain )
Summary

Read and write, create and delete character nodes on tmpfs filesystems.

Parameters
Parameter:Description:
domain

Domain allowed access.

fs_manage_tmpfs_dirs( domain )
Summary

Create, read, write, and delete tmpfs directories

Parameters
Parameter:Description:
domain

Domain allowed access.

fs_manage_tmpfs_files( domain )
Summary

Read and write, create and delete generic files on tmpfs filesystems.

Parameters
Parameter:Description:
domain

Domain allowed access.

fs_manage_tmpfs_sockets( domain )
Summary

Read and write, create and delete socket files on tmpfs filesystems.

Parameters
Parameter:Description:
domain

Domain allowed access.

fs_manage_tmpfs_symlinks( domain )
Summary

Read and write, create and delete symbolic links on tmpfs filesystems.

Parameters
Parameter:Description:
domain

Domain allowed access.

fs_manage_xenfs_dirs( domain )
Summary

Create, read, write, and delete directories on a XENFS filesystem.

Parameters
Parameter:Description:
domain

Domain allowed access.

fs_manage_xenfs_files( domain )
Summary

Create, read, write, and delete files on a XENFS filesystem.

Parameters
Parameter:Description:
domain

Domain allowed access.

fs_mount_all_fs( domain )
Summary

Mount all filesystems.

Parameters
Parameter:Description:
domain

Domain allowed access.

fs_mount_autofs( domain )
Summary

Mount an automount pseudo filesystem.

Parameters
Parameter:Description:
domain

Domain allowed access.

fs_mount_cgroup( domain )
Summary

Mount cgroup filesystems.

Parameters
Parameter:Description:
domain

Domain allowed access.

fs_mount_cifs( domain )
Summary

Mount a CIFS or SMB network filesystem.

Parameters
Parameter:Description:
domain

Domain allowed access.

fs_mount_dos_fs( domain )
Summary

Mount a DOS filesystem, such as FAT32 or NTFS.

Parameters
Parameter:Description:
domain

Domain allowed access.

fs_mount_fusefs( domain )
Summary

Mount a FUSE filesystem.

Parameters
Parameter:Description:
domain

Domain allowed access.

fs_mount_iso9660_fs( domain )
Summary

Mount an iso9660 filesystem, which is usually used on CDs.

Parameters
Parameter:Description:
domain

Domain allowed access.

fs_mount_nfs( domain )
Summary

Mount a NFS filesystem.

Parameters
Parameter:Description:
domain

Domain allowed access.

fs_mount_nfsd_fs( domain )
Summary

Mount a NFS server pseudo filesystem.

Parameters
Parameter:Description:
domain

Domain allowed access.

fs_mount_ramfs( domain )
Summary

Mount a RAM filesystem.

Parameters
Parameter:Description:
domain

Domain allowed access.

fs_mount_romfs( domain )
Summary

Mount a ROM filesystem.

Parameters
Parameter:Description:
domain

Domain allowed access.

fs_mount_rpc_pipefs( domain )
Summary

Mount a RPC pipe filesystem.

Parameters
Parameter:Description:
domain

Domain allowed access.

fs_mount_tmpfs( domain )
Summary

Mount a tmpfs filesystem.

Parameters
Parameter:Description:
domain

Domain allowed access.

fs_mount_xattr_fs( domain )
Summary

Mount a persistent filesystem which has extended attributes, such as ext3, JFS, or XFS.

Parameters
Parameter:Description:
domain

Domain allowed access.

fs_mount_xenfs( domain )
Summary

Mount a XENFS filesystem.

Parameters
Parameter:Description:
domain

Domain allowed access.

fs_mounton_cgroup( domain )
Summary

Mount on cgroup directories.

Parameters
Parameter:Description:
domain

Domain allowed access.

fs_mounton_cifs( domain )
Summary

Mounton a CIFS filesystem.

Parameters
Parameter:Description:
domain

Domain allowed access.

fs_mounton_fusefs( domain )
Summary

Mounton a FUSEFS filesystem.

Parameters
Parameter:Description:
domain

Domain allowed access.

fs_mounton_nfs( domain )
Summary

Mounton a NFS filesystem.

Parameters
Parameter:Description:
domain

Domain allowed access.

fs_mounton_tmpfs( domain )
Summary

Mount on tmpfs directories.

Parameters
Parameter:Description:
domain

Domain allowed access.

fs_nfs_domtrans( domain , target_domain )
Summary

Execute a file on a NFS filesystem in the specified domain.

Description

Execute a file on a NFS filesystem in the specified domain. This allows the specified domain to execute any file on a NFS filesystem in the specified domain. This is not suggested.

No interprocess communication (signals, pipes, etc.) is provided by this interface since the domains are not owned by this module.

This interface was added to handle home directories on NFS filesystems, in particular used by the ssh-agent policy.

Parameters
Parameter:Description:
domain

Domain allowed to transition.

target_domain

The type of the new process.

fs_noxattr_type( domain )
Summary

Transform specified type into a filesystem type which does not have extended attribute support.

Parameters
Parameter:Description:
domain

Domain allowed access.

fs_read_anon_inodefs_files( domain )
Summary

Read files on anon_inodefs file systems.

Parameters
Parameter:Description:
domain

Domain allowed access.

fs_read_cgroup_files( domain )
Summary

Read cgroup files.

Parameters
Parameter:Description:
domain

Domain allowed access.

fs_read_cifs_files( domain )
Summary

Read files on a CIFS or SMB filesystem.

Parameters
Parameter:Description:
domain

Domain allowed access.

fs_read_cifs_named_pipes( domain )
Summary

Read named pipes on a CIFS or SMB network filesystem.

Parameters
Parameter:Description:
domain

Domain allowed access.

fs_read_cifs_named_sockets( domain )
Summary

Read named pipes on a CIFS or SMB network filesystem.

Parameters
Parameter:Description:
domain

Domain allowed access.

fs_read_cifs_symlinks( domain )
Summary

Read symbolic links on a CIFS or SMB filesystem.

Parameters
Parameter:Description:
domain

Domain allowed access.

fs_read_dos_files( domain )
Summary

Read files on a DOS filesystem.

Parameters
Parameter:Description:
domain

Domain allowed access.

fs_read_eventpollfs( domain )
Summary

Read eventpollfs files.

Description

Read eventpollfs files

This interface has been deprecated, and will be removed in the future.

Parameters
Parameter:Description:
domain

Domain allowed access.

fs_read_fusefs_files( domain )
Summary

Read, a FUSEFS filesystem.

Parameters
Parameter:Description:
domain

Domain allowed access.

fs_read_fusefs_symlinks( domain )
Summary

Read symbolic links on a FUSEFS filesystem.

Parameters
Parameter:Description:
domain

Domain allowed access.

fs_read_iso9660_files( domain )
Summary

Read files on an iso9660 filesystem, which is usually used on CDs.

Parameters
Parameter:Description:
domain

Domain allowed access.

fs_read_nfs_files( domain )
Summary

Read files on a NFS filesystem.

Parameters
Parameter:Description:
domain

Domain allowed access.

fs_read_nfs_named_pipes( domain )
Summary

Read named pipes on a NFS network filesystem.

Parameters
Parameter:Description:
domain

Domain allowed access.

fs_read_nfs_named_sockets( domain )
Summary

Read named sockets on a NFS filesystem.

Parameters
Parameter:Description:
domain

Domain allowed access.

fs_read_nfs_symlinks( domain )
Summary

Read symbolic links on a NFS filesystem.

Parameters
Parameter:Description:
domain

Domain allowed access.

fs_read_noxattr_fs_files( domain )
Summary

Read all noxattrfs files.

Parameters
Parameter:Description:
domain

Domain allowed access.

fs_read_noxattr_fs_symlinks( domain )
Summary

Read all noxattrfs symbolic links.

Parameters
Parameter:Description:
domain

Domain allowed access.

fs_read_removable_blk_files( domain )
Summary

Read block nodes on removable filesystems.

Parameters
Parameter:Description:
domain

Domain allowed access.

fs_read_removable_files( domain )
Summary

Read removable storage files.

Parameters
Parameter:Description:
domain

Domain allowed access.

fs_read_removable_symlinks( domain )
Summary

Read removable storage symbolic links.

Parameters
Parameter:Description:
domain

Domain allowed access.

fs_read_rpc_files( domain )
Summary

Read files of RPC file system pipes.

Parameters
Parameter:Description:
domain

Domain allowed access.

fs_read_rpc_sockets( domain )
Summary

Read sockets of RPC file system pipes.

Parameters
Parameter:Description:
domain

Domain allowed access.

fs_read_rpc_symlinks( domain )
Summary

Read symbolic links of RPC file system pipes.

Parameters
Parameter:Description:
domain

Domain allowed access.

fs_read_tmpfs_files( domain )
Summary

Read generic tmpfs files.

Parameters
Parameter:Description:
domain

Domain allowed access.

fs_read_tmpfs_symlinks( domain )
Summary

Read tmpfs link files.

Parameters
Parameter:Description:
domain

Domain allowed access.

fs_register_binary_executable_type( domain )
Summary

Register an interpreter for new binary file types, using the kernel binfmt_misc support.

Description

Register an interpreter for new binary file types, using the kernel binfmt_misc support.

A common use for this is to register a JVM as an interpreter for Java byte code. Registered binaries can be directly executed on a command line without specifying the interpreter.

Parameters
Parameter:Description:
domain

Domain allowed access.

fs_relabel_tmpfs_blk_file( domain )
Summary

Relabel block nodes on tmpfs filesystems.

Parameters
Parameter:Description:
domain

Domain allowed access.

fs_relabel_tmpfs_chr_file( domain )
Summary

Relabel character nodes on tmpfs filesystems.

Parameters
Parameter:Description:
domain

Domain allowed access.

fs_relabelfrom_all_fs( domain )
Summary

Relabelfrom all filesystems.

Parameters
Parameter:Description:
domain

Domain allowed access.

fs_relabelfrom_dos_fs( domain )
Summary

Allow changing of the label of a DOS filesystem using the context= mount option.

Parameters
Parameter:Description:
domain

Domain allowed access.

fs_relabelfrom_noxattr_fs( domain )
Summary

Relabel all objets from filesystems that do not support extended attributes.

Parameters
Parameter:Description:
domain

Domain allowed access.

fs_relabelfrom_tmpfs( type )
Summary

Relabel from tmpfs filesystem.

Parameters
Parameter:Description:
type

Domain allowed access.

fs_relabelfrom_xattr_fs( domain )
Summary

Allow changing of the label of a filesystem with extended attributes using the context= mount option.

Parameters
Parameter:Description:
domain

Domain allowed access.

fs_remount_all_fs( domain )
Summary

Remount all filesystems. This allows some mount options to be changed.

Parameters
Parameter:Description:
domain

Domain allowed access.

fs_remount_autofs( domain )
Summary

Remount an automount pseudo filesystem This allows some mount options to be changed.

Parameters
Parameter:Description:
domain

Domain allowed access.

fs_remount_cgroup( domain )
Summary

Remount cgroup filesystems.

Parameters
Parameter:Description:
domain

Domain allowed access.

fs_remount_cifs( domain )
Summary

Remount a CIFS or SMB network filesystem. This allows some mount options to be changed.

Parameters
Parameter:Description:
domain

Domain allowed access.

fs_remount_dos_fs( domain )
Summary

Remount a DOS filesystem, such as FAT32 or NTFS. This allows some mount options to be changed.

Parameters
Parameter:Description:
domain

Domain allowed access.

fs_remount_iso9660_fs( domain )
Summary

Remount an iso9660 filesystem, which is usually used on CDs. This allows some mount options to be changed.

Parameters
Parameter:Description:
domain

Domain allowed access.

fs_remount_nfs( domain )
Summary

Remount a NFS filesystem. This allows some mount options to be changed.

Parameters
Parameter:Description:
domain

Domain allowed access.

fs_remount_nfsd_fs( domain )
Summary

Mount a NFS server pseudo filesystem. This allows some mount options to be changed.

Parameters
Parameter:Description:
domain

Domain allowed access.

fs_remount_ramfs( domain )
Summary

Remount a RAM filesystem. This allows some mount options to be changed.

Parameters
Parameter:Description:
domain

Domain allowed access.

fs_remount_romfs( domain )
Summary

Remount a ROM filesystem. This allows some mount options to be changed.

Parameters
Parameter:Description:
domain

Domain allowed access.

fs_remount_rpc_pipefs( domain )
Summary

Remount a RPC pipe filesystem. This allows some mount option to be changed.

Parameters
Parameter:Description:
domain

Domain allowed access.

fs_remount_tmpfs( domain )
Summary

Remount a tmpfs filesystem.

Parameters
Parameter:Description:
domain

Domain allowed access.

fs_remount_xattr_fs( domain )
Summary

Remount a persistent filesystem which has extended attributes, such as ext3, JFS, or XFS. This allows some mount options to be changed.

Parameters
Parameter:Description:
domain

Domain allowed access.

fs_rw_anon_inodefs_files( domain )
Summary

Read and write files on anon_inodefs file systems.

Parameters
Parameter:Description:
domain

Domain allowed access.

fs_rw_cgroup_files( domain )
Summary

Read and write cgroup files.

Parameters
Parameter:Description:
domain

Domain allowed access.

fs_rw_hugetlbfs_files( domain )
Summary

Read and write hugetlbfs files.

Parameters
Parameter:Description:
domain

Domain allowed access.

fs_rw_nfsd_fs( domain )
Summary

Read and write NFS server files.

Parameters
Parameter:Description:
domain

Domain allowed access.

fs_rw_ramfs_pipes( domain )
Summary

Read and write a named pipe on a ramfs filesystem.

Parameters
Parameter:Description:
domain

Domain allowed access.

fs_rw_removable_blk_files( domain )
Summary

Read and write block nodes on removable filesystems.

Parameters
Parameter:Description:
domain

Domain allowed access.

fs_rw_rpc_named_pipes( domain )
Summary

Read and write RPC pipe filesystem named pipes.

Parameters
Parameter:Description:
domain

Domain allowed access.

fs_rw_rpc_sockets( domain )
Summary

Read and write sockets of RPC file system pipes.

Parameters
Parameter:Description:
domain

Domain allowed access.

fs_rw_tmpfs_blk_files( domain )
Summary

Read and write block nodes on tmpfs filesystems.

Parameters
Parameter:Description:
domain

Domain allowed access.

fs_rw_tmpfs_chr_files( domain )
Summary

Read and write character nodes on tmpfs filesystems.

Parameters
Parameter:Description:
domain

Domain allowed access.

fs_rw_tmpfs_files( domain )
Summary

Read and write generic tmpfs files.

Parameters
Parameter:Description:
domain

Domain allowed access.

fs_search_all( domain )
Summary

Search all directories with a filesystem type.

Parameters
Parameter:Description:
domain

Domain allowed access.

fs_search_auto_mountpoints( domain )
Summary

Search automount filesystem to use automatically mounted filesystems.

Description

Allow the specified domain to search mount points that have filesystems that are mounted by the automount service. Generally this will be required for any domain that accesses objects on these filesystems.

Parameters
Parameter:Description:
domain

Domain allowed access.

fs_search_cgroup_dirs( domain )
Summary

Search cgroup directories.

Parameters
Parameter:Description:
domain

Domain allowed access.

fs_search_cifs( domain )
Summary

Search directories on a CIFS or SMB filesystem.

Parameters
Parameter:Description:
domain

Domain allowed access.

fs_search_dos( domain )
Summary

Search dosfs filesystem.

Parameters
Parameter:Description:
domain

Domain allowed access.

fs_search_fusefs( domain )
Summary

Search directories on a FUSEFS filesystem.

Parameters
Parameter:Description:
domain

Domain allowed access.

fs_search_inotifyfs( domain )
Summary

Search inotifyfs filesystem.

Parameters
Parameter:Description:
domain

Domain allowed access.

fs_search_nfs( domain )
Summary

Search directories on a NFS filesystem.

Parameters
Parameter:Description:
domain

Domain allowed access.

fs_search_nfsd_fs( domain )
Summary

Search NFS server directories.

Parameters
Parameter:Description:
domain

Domain allowed access.

fs_search_ramfs( domain )
Summary

Search directories on a ramfs

Parameters
Parameter:Description:
domain

Domain allowed access.

fs_search_removable( domain )
Summary

Search removable storage directories.

Parameters
Parameter:Description:
domain

Domain allowed access.

fs_search_rpc( domain )
Summary

Search directories of RPC file system pipes.

Parameters
Parameter:Description:
domain

Domain allowed access.

fs_search_tmpfs( domain )
Summary

Search tmpfs directories.

Parameters
Parameter:Description:
domain

Domain allowed access.

fs_search_xenfs( domain )
Summary

Search the XENFS filesystem.

Parameters
Parameter:Description:
domain

Domain allowed access.

fs_set_all_quotas( domain )
Summary

Set the quotas of all filesystems.

Parameters
Parameter:Description:
domain

Domain allowed access.

fs_set_xattr_fs_quotas( domain )
Summary

Set the filesystem quotas of a filesystem with extended attributes.

Parameters
Parameter:Description:
domain

Domain allowed access.

fs_setattr_tmpfs_dirs( domain )
Summary

Set the attributes of tmpfs directories.

Parameters
Parameter:Description:
domain

Domain allowed access.

fs_tmpfs_filetrans( domain , private type , object , name )
Summary

Create an object in a tmpfs filesystem, with a private type using a type transition.

Parameters
Parameter:Description:
domain

Domain allowed access.

private type

The type of the object to be created.

object

The object class of the object being created.

name

The name of the object being created.

fs_type( domain )
Summary

Transform specified type into a filesystem type.

Parameters
Parameter:Description:
domain

Domain allowed access.

fs_unconfined( domain )
Summary

Unconfined access to filesystems

Parameters
Parameter:Description:
domain

Domain allowed access.

fs_unmount_all_fs( domain )
Summary

Unmount all filesystems.

Parameters
Parameter:Description:
domain

Domain allowed access.

fs_unmount_autofs( domain )
Summary

Unmount an automount pseudo filesystem.

Parameters
Parameter:Description:
domain

Domain allowed access.

fs_unmount_cgroup( domain )
Summary

Unmount cgroup filesystems.

Parameters
Parameter:Description:
domain

Domain allowed access.

fs_unmount_cifs( domain )
Summary

Unmount a CIFS or SMB network filesystem.

Parameters
Parameter:Description:
domain

Domain allowed access.

fs_unmount_dos_fs( domain )
Summary

Unmount a DOS filesystem, such as FAT32 or NTFS.

Parameters
Parameter:Description:
domain

Domain allowed access.

fs_unmount_fusefs( domain )
Summary

Unmount a FUSE filesystem.

Parameters
Parameter:Description:
domain

Domain allowed access.

fs_unmount_iso9660_fs( domain )
Summary

Unmount an iso9660 filesystem, which is usually used on CDs.

Parameters
Parameter:Description:
domain

Domain allowed access.

fs_unmount_nfs( domain )
Summary

Unmount a NFS filesystem.

Parameters
Parameter:Description:
domain

Domain allowed access.

fs_unmount_nfsd_fs( domain )
Summary

Unmount a NFS server pseudo filesystem.

Parameters
Parameter:Description:
domain

Domain allowed access.

fs_unmount_ramfs( domain )
Summary

Unmount a RAM filesystem.

Parameters
Parameter:Description:
domain

Domain allowed access.

fs_unmount_romfs( domain )
Summary

Unmount a ROM filesystem.

Parameters
Parameter:Description:
domain

Domain allowed access.

fs_unmount_rpc_pipefs( domain )
Summary

Unmount a RPC pipe filesystem.

Parameters
Parameter:Description:
domain

Domain allowed access.

fs_unmount_tmpfs( domain )
Summary

Unmount a tmpfs filesystem.

Parameters
Parameter:Description:
domain

Domain allowed access.

fs_unmount_xattr_fs( domain )
Summary

Unmount a persistent filesystem which has extended attributes, such as ext3, JFS, or XFS.

Parameters
Parameter:Description:
domain

Domain allowed access.

fs_write_cgroup_files( domain )
Summary

Write cgroup files.

Parameters
Parameter:Description:
domain

Domain allowed access.

fs_write_nfs_files( domain )
Summary

Read files on a NFS filesystem.

Parameters
Parameter:Description:
domain

Domain allowed access.

fs_write_ramfs_pipes( domain )
Summary

Write to named pipe on a ramfs filesystem.

Parameters
Parameter:Description:
domain

Domain allowed access.

fs_write_ramfs_sockets( domain )
Summary

Write to named socket on a ramfs filesystem.

Parameters
Parameter:Description:
domain

Domain allowed access.

Return