Layer: system

Module: userdomain

Tunables Interfaces Templates

Description:

Policy for user domains

Tunables:

allow_user_mysql_connect

Default value

false

Description

Allow users to connect to mysql

allow_user_postgresql_connect

Default value

false

Description

Allow users to connect to PostgreSQL

user_direct_mouse

Default value

false

Description

Allow regular users direct mouse access

user_dmesg

Default value

false

Description

Allow users to read system messages.

user_rw_noexattrfile

Default value

false

Description

Allow user to r/w files on filesystems that do not have extended attributes (FAT, CDROM, FLOPPY)

user_ttyfile_stat

Default value

false

Description

Allow w to display everyone

Return

Interfaces:

userdom_attach_admin_tun_iface(
	
		domain
		
	)

Summary

Allow domain to attach to TUN devices created by administrative users.

Parameters

Parameter:	Description:
domain	Domain allowed access.

userdom_bin_spec_domtrans_unpriv_users(
	
		domain
		
	)

Summary

Execute bin_t in the unprivileged user domains. This is an explicit transition, requiring the caller to use setexeccon().

Parameters

Parameter:	Description:
domain	Domain allowed to transition.

userdom_create_all_users_keys(
	
		domain
		
	)

Summary

Create keys for all user domains.

Parameters

Parameter:	Description:
domain	Domain allowed access.

userdom_create_user_home_dirs(
	
		domain
		
	)

Summary

Create user home directories.

Parameters

Parameter:	Description:
domain	Domain allowed access.

userdom_create_user_pty(
	
		domain
		
	)

Summary

Create a user pty.

Parameters

Parameter:	Description:
domain	Domain allowed access.

userdom_dbus_send_all_users(
	
		domain
		
	)

Summary

Send a dbus message to all user domains.

Parameters

Parameter:	Description:
domain	Domain allowed access.

userdom_delete_all_user_home_content_dirs(
	
		domain
		
	)

Summary

Delete all user home content directories.

Parameters

Parameter:	Description:
domain	Domain allowed access.

userdom_delete_all_user_home_content_files(
	
		domain
		
	)

Summary

Delete all user home content files.

Parameters

Parameter:	Description:
domain	Domain allowed access.

userdom_delete_all_user_home_content_symlinks(
	
		domain
		
	)

Summary

Delete all user home content symbolic links.

Parameters

Parameter:	Description:
domain	Domain allowed access.

userdom_delete_user_home_content_dirs(
	
		domain
		
	)

Summary

Delete directories in a user home subdirectory.

Parameters

Parameter:	Description:
domain	Domain allowed access.

userdom_delete_user_home_content_files(
	
		domain
		
	)

Summary

Delete files in a user home subdirectory.

Parameters

Parameter:	Description:
domain	Domain allowed access.

userdom_delete_user_home_content_symlinks(
	
		domain
		
	)

Summary

Delete symbolic links in a user home directory.

Parameters

Parameter:	Description:
domain	Domain allowed access.

userdom_delete_user_tmpfs_files(
	
		domain
		
	)

Summary

Delete user tmpfs files.

Parameters

Parameter:	Description:
domain	Domain allowed access.

userdom_dontaudit_append_user_home_content_files(
	
		domain
		
	)

Summary

Do not audit attempts to append user home files.

Parameters

Parameter:	Description:
domain	Domain to not audit.

userdom_dontaudit_append_user_tmp_files(
	
		domain
		
	)

Summary

Do not audit attempts to append users temporary files.

Parameters

Parameter:	Description:
domain	Domain to not audit.

userdom_dontaudit_exec_user_home_content_files(
	
		domain
		
	)

Summary

Do not audit attempts to execute user home files.

Parameters

Parameter:	Description:
domain	Domain to not audit.

userdom_dontaudit_getattr_user_home_dirs(
	
		domain
		
	)

Summary

Do not audit attempts to get the attributes of user home directories.

Parameters

Parameter:	Description:
domain	Domain to not audit.

userdom_dontaudit_getattr_user_ttys(
	
		domain
		
	)

Summary

Do not audit attempts to get the attributes of a user domain tty.

Parameters

Parameter:	Description:
domain	Domain to not audit.

userdom_dontaudit_list_user_home_dirs(
	
		domain
		
	)

Summary

Do not audit attempts to list user home subdirectories.

Parameters

Parameter:	Description:
domain	Domain to not audit.

userdom_dontaudit_list_user_tmp(
	
		domain
		
	)

Summary

Do not audit attempts to list user temporary directories.

Parameters

Parameter:	Description:
domain	Domain to not audit.

userdom_dontaudit_manage_user_home_content_dirs(
	
		domain
		
	)

Summary

Do not audit attempts to create, read, write, and delete directories in a user home subdirectory.

Parameters

Parameter:	Description:
domain	Domain to not audit.

userdom_dontaudit_manage_user_tmp_dirs(
	
		domain
		
	)

Summary

Do not audit attempts to manage users temporary directories.

Parameters

Parameter:	Description:
domain	Domain to not audit.

userdom_dontaudit_manage_user_tmp_files(
	
		domain
		
	)

Summary

Do not audit attempts to manage users temporary files.

Parameters

Parameter:	Description:
domain	Domain to not audit.

userdom_dontaudit_read_user_home_content_files(
	
		domain
		
	)

Summary

Do not audit attempts to read user home files.

Parameters

Parameter:	Description:
domain	Domain to not audit.

userdom_dontaudit_read_user_tmp_files(
	
		domain
		
	)

Summary

Do not audit attempts to read users temporary files.

Parameters

Parameter:	Description:
domain	Domain to not audit.

userdom_dontaudit_relabel_user_home_content_files(
	
		domain
		
	)

Summary

Do not audit attempts to write user home files.

Parameters

Parameter:	Description:
domain	Domain to not audit.

userdom_dontaudit_relabelfrom_user_ptys(
	
		domain
		
	)

Summary

Do not audit attempts to relabel files from user pty types.

Parameters

Parameter:	Description:
domain	Domain to not audit.

userdom_dontaudit_search_user_home_content(
	
		domain
		
	)

Summary

Do not audit attempts to search user home content directories.

Parameters

Parameter:	Description:
domain	Domain to not audit.

userdom_dontaudit_search_user_home_dirs(
	
		domain
		
	)

Summary

Do not audit attempts to search user home directories.

Description

Do not audit attempts to search user home directories. This will supress SELinux denial messages when the specified domain is denied the permission to search these directories.

Parameters

Parameter:	Description:
domain	Domain to not audit.

userdom_dontaudit_setattr_user_home_content_files(
	
		domain
		
	)

Summary

Do not audit attempts to set the attributes of user home files.

Parameters

Parameter:	Description:
domain	Domain to not audit.

userdom_dontaudit_setattr_user_ttys(
	
		domain
		
	)

Summary

Do not audit attempts to set the attributes of a user domain tty.

Parameters

Parameter:	Description:
domain	Domain to not audit.

userdom_dontaudit_use_all_users_fds(
	
		domain
		
	)

Summary

Do not audit attempts to inherit the file descriptors from any user domains.

Parameters

Parameter:	Description:
domain	Domain to not audit.

userdom_dontaudit_use_unpriv_user_fds(
	
		domain
		
	)

Summary

Do not audit attempts to inherit the file descriptors from unprivileged user domains.

Description

Do not audit attempts to inherit the file descriptors from unprivileged user domains. This will supress SELinux denial messages when the specified domain is denied the permission to inherit these file descriptors.

Parameters

Parameter:	Description:
domain	Domain to not audit.

userdom_dontaudit_use_user_ptys(
	
		domain
		
	)

Summary

Do not audit attempts to use user ptys.

Parameters

Parameter:	Description:
domain	Domain to not audit.

userdom_dontaudit_use_user_terminals(
	
		domain
		
	)

Summary

Do not audit attempts to read and write a user domain tty and pty.

Parameters

Parameter:	Description:
domain	Domain to not audit.

userdom_dontaudit_use_user_ttys(
	
		domain
		
	)

Summary

Do not audit attempts to use user ttys.

Parameters

Parameter:	Description:
domain	Domain to not audit.

userdom_dontaudit_write_user_home_content_files(
	
		domain
		
	)

Summary

Do not audit attempts to write user home files.

Parameters

Parameter:	Description:
domain	Domain to not audit.

userdom_entry_spec_domtrans_unpriv_users(
	
		domain
		
	)

Summary

Execute all entrypoint files in unprivileged user domains. This is an explicit transition, requiring the caller to use setexeccon().

Parameters

Parameter:	Description:
domain	Domain allowed access.

userdom_exec_user_home_content_files(
	
		domain
		
	)

Summary

Execute user home files.

Parameters

Parameter:	Description:
domain	Domain allowed access.

userdom_exec_user_tmp_files(
	
		domain
		
	)

Summary

The execute access user temporary files.

Parameters

Parameter:	Description:
domain	Domain allowed access.

userdom_getattr_all_users(
	
		domain
		
	)

Summary

Get the attributes of all user domains.

Parameters

Parameter:	Description:
domain	Domain allowed access.

userdom_getattr_user_home_dirs(
	
		domain
		
	)

Summary

Get the attributes of user home directories.

Parameters

Parameter:	Description:
domain	Domain allowed access.

userdom_getattr_user_ttys(
	
		domain
		
	)

Summary

Get the attributes of a user domain tty.

Parameters

Parameter:	Description:
domain	Domain allowed access.

userdom_home_filetrans_user_home_dir(
	
		domain
		
			,
		
		name
		
	)

Summary

Create directories in the home dir root with the user home directory type.

Parameters

Parameter:	Description:
domain	Domain allowed access.
name	The name of the object being created.

userdom_list_all_user_home_content(
	
		domain
		
	)

Summary

List all users home content directories.

Parameters

Parameter:	Description:
domain	Domain allowed access.

userdom_list_user_home_content(
	
		domain
		
	)

Summary

List contents of users home directory.

Parameters

Parameter:	Description:
domain	Domain allowed access.

userdom_list_user_home_dirs(
	
		domain
		
	)

Summary

List user home directories.

Parameters

Parameter:	Description:
domain	Domain allowed access.

userdom_list_user_tmp(
	
		domain
		
	)

Summary

List user temporary directories.

Parameters

Parameter:	Description:
domain	Domain allowed access.

userdom_manage_home_role(
	
		role
		
			,
		
		userdomain
		
	)

Summary

Allow a home directory for which the role has full access.

Description

Allow a home directory for which the role has full access.

This does not allow execute access.

Parameters

Parameter:	Description:
role	The user role
userdomain	The user domain

userdom_manage_tmp_role(
	
		role
		
			,
		
		domain
		
	)

Summary

Manage user temporary files

Parameters

Parameter:	Description:
role	Role allowed access.
domain	Domain allowed access.

userdom_manage_tmpfs_role(
	
		role
		
			,
		
		domain
		
	)

Summary

Role access for the user tmpfs type that the user has full access.

Description

Role access for the user tmpfs type that the user has full access.

This does not allow execute access.

Parameters

Parameter:	Description:
role	Role allowed access.
domain	Domain allowed access.

userdom_manage_unpriv_user_semaphores(
	
		domain
		
	)

Summary

Manage unpriviledged user SysV sempaphores.

Parameters

Parameter:	Description:
domain	Domain allowed access.

userdom_manage_unpriv_user_shared_mem(
	
		domain
		
	)

Summary

Manage unpriviledged user SysV shared memory segments.

Parameters

Parameter:	Description:
domain	Domain allowed access.

userdom_manage_user_home_content_dirs(
	
		domain
		
	)

Summary

Create, read, write, and delete directories in a user home subdirectory.

Parameters

Parameter:	Description:
domain	Domain allowed access.

userdom_manage_user_home_content_files(
	
		domain
		
	)

Summary

Create, read, write, and delete files in a user home subdirectory.

Parameters

Parameter:	Description:
domain	Domain allowed access.

userdom_manage_user_home_content_pipes(
	
		domain
		
	)

Summary

Create, read, write, and delete named pipes in a user home subdirectory.

Parameters

Parameter:	Description:
domain	Domain allowed access.

userdom_manage_user_home_content_sockets(
	
		domain
		
	)

Summary

Create, read, write, and delete named sockets in a user home subdirectory.

Parameters

Parameter:	Description:
domain	Domain allowed access.

userdom_manage_user_home_content_symlinks(
	
		domain
		
	)

Summary

Create, read, write, and delete symbolic links in a user home subdirectory.

Parameters

Parameter:	Description:
domain	Domain allowed access.

userdom_manage_user_home_dirs(
	
		domain
		
	)

Summary

Create user home directories.

Parameters

Parameter:	Description:
domain	Domain allowed access.

userdom_manage_user_tmp_dirs(
	
		domain
		
	)

Summary

Create, read, write, and delete user temporary directories.

Parameters

Parameter:	Description:
domain	Domain allowed access.

userdom_manage_user_tmp_files(
	
		domain
		
	)

Summary

Create, read, write, and delete user temporary files.

Parameters

Parameter:	Description:
domain	Domain allowed access.

userdom_manage_user_tmp_pipes(
	
		domain
		
	)

Summary

Create, read, write, and delete user temporary named pipes.

Parameters

Parameter:	Description:
domain	Domain allowed access.

userdom_manage_user_tmp_sockets(
	
		domain
		
	)

Summary

Create, read, write, and delete user temporary named sockets.

Parameters

Parameter:	Description:
domain	Domain allowed access.

userdom_manage_user_tmp_symlinks(
	
		domain
		
	)

Summary

Create, read, write, and delete user temporary symbolic links.

Parameters

Parameter:	Description:
domain	Domain allowed access.

userdom_manage_user_tmpfs_files(
	
		domain
		
	)

Summary

Create, read, write, and delete user tmpfs files.

Parameters

Parameter:	Description:
domain	Domain allowed access.

userdom_mmap_user_home_content_files(
	
		domain
		
	)

Summary

Mmap user home files.

Parameters

Parameter:	Description:
domain	Domain allowed access.

userdom_read_all_users_state(
	
		domain
		
	)

Summary

Read the process state of all user domains.

Parameters

Parameter:	Description:
domain	Domain allowed access.

userdom_read_user_home_content_files(
	
		domain
		
	)

Summary

Read user home files.

Parameters

Parameter:	Description:
domain	Domain allowed access.

userdom_read_user_home_content_symlinks(
	
		domain
		
	)

Summary

Read user home subdirectory symbolic links.

Parameters

Parameter:	Description:
domain	Domain allowed access.

userdom_read_user_tmp_files(
	
		domain
		
	)

Summary

Read user temporary files.

Parameters

Parameter:	Description:
domain	Domain allowed access.

userdom_read_user_tmp_symlinks(
	
		domain
		
	)

Summary

Read user temporary symbolic links.

Parameters

Parameter:	Description:
domain	Domain allowed access.

userdom_read_user_tmpfs_files(
	
		domain
		
	)

Summary

Read user tmpfs files.

Parameters

Parameter:	Description:
domain	Domain allowed access.

userdom_relabelto_user_home_dirs(
	
		domain
		
	)

Summary

Relabel to user home directories.

Parameters

Parameter:	Description:
domain	Domain allowed access.

userdom_relabelto_user_ptys(
	
		domain
		
	)

Summary

Relabel files to unprivileged user pty types.

Parameters

Parameter:	Description:
domain	Domain allowed access.

userdom_ro_home_role(
	
		role
		
			,
		
		userdomain
		
	)

Summary

Allow a home directory for which the role has read-only access.

Description

Allow a home directory for which the role has read-only access.

This does not allow execute access.

Parameters

Parameter:	Description:
role	The user role
userdomain	The user domain

userdom_rw_unpriv_user_semaphores(
	
		domain
		
	)

Summary

Read and write unpriviledged user SysV sempaphores.

Parameters

Parameter:	Description:
domain	Domain allowed access.

userdom_rw_unpriv_user_shared_mem(
	
		domain
		
	)

Summary

Read and write unpriviledged user SysV shared memory segments.

Parameters

Parameter:	Description:
domain	Domain allowed access.

userdom_rw_user_tmp_files(
	
		domain
		
	)

Summary

Read and write user temporary files.

Parameters

Parameter:	Description:
domain	Domain allowed access.

userdom_rw_user_tmpfs_files(
	
		domain
		
	)

Summary

Read user tmpfs files.

Parameters

Parameter:	Description:
domain	Domain allowed access.

userdom_search_user_home_content(
	
		domain
		
	)

Summary

Search users home directories.

Parameters

Parameter:	Description:
domain	Domain allowed access.

userdom_search_user_home_dirs(
	
		domain
		
	)

Summary

Search user home directories.

Parameters

Parameter:	Description:
domain	Domain allowed access.

userdom_setattr_all_user_home_content_dirs(
	
		domain
		
	)

Summary

Set attributes of all user home content directories.

Parameters

Parameter:	Description:
domain	Domain allowed access.

userdom_setattr_user_ptys(
	
		domain
		
	)

Summary

Set the attributes of a user pty.

Parameters

Parameter:	Description:
domain	Domain allowed access.

userdom_setattr_user_ttys(
	
		domain
		
	)

Summary

Set the attributes of a user domain tty.

Parameters

Parameter:	Description:
domain	Domain allowed access.

userdom_sigchld_all_users(
	
		domain
		
	)

Summary

Send a SIGCHLD signal to all user domains.

Parameters

Parameter:	Description:
domain	Domain allowed access.

userdom_signal_all_users(
	
		domain
		
	)

Summary

Send general signals to all user domains.

Parameters

Parameter:	Description:
domain	Domain allowed access.

userdom_signal_unpriv_users(
	
		domain
		
	)

Summary

Send general signals to unprivileged user domains.

Parameters

Parameter:	Description:
domain	Domain allowed access.

userdom_signull_unpriv_users(
	
		domain
		
	)

Summary

Send signull to unprivileged user domains.

Parameters

Parameter:	Description:
domain	Domain allowed access.

userdom_spec_domtrans_all_users(
	
		domain
		
	)

Summary

Execute a shell in all user domains. This is an explicit transition, requiring the caller to use setexeccon().

Parameters

Parameter:	Description:
domain	Domain allowed to transition.

userdom_spec_domtrans_unpriv_users(
	
		domain
		
	)

Summary

Execute a shell in all unprivileged user domains. This is an explicit transition, requiring the caller to use setexeccon().

Parameters

Parameter:	Description:
domain	Domain allowed to transition.

userdom_tmp_filetrans_user_tmp(
	
		domain
		
			,
		
		object_class
		
			,
		
		name
		
	)

Summary

Create objects in the temporary directory with an automatic type transition to the user temporary type.

Parameters

Parameter:	Description:
domain	Domain allowed access.
object_class	The class of the object to be created.
name	The name of the object being created.

userdom_use_all_users_fds(
	
		domain
		
	)

Summary

Inherit the file descriptors from all user domains

Parameters

Parameter:	Description:
domain	Domain allowed access.

userdom_use_unpriv_users_fds(
	
		domain
		
	)

Summary

Inherit the file descriptors from unprivileged user domains.

Parameters

Parameter:	Description:
domain	Domain allowed access.

userdom_use_user_ptys(
	
		domain
		
	)

Summary

Read and write a user domain pty.

Parameters

Parameter:	Description:
domain	Domain allowed access.

userdom_use_user_terminals(
	
		domain
		
	)

Summary

Read and write a user TTYs and PTYs.

Description

Allow the specified domain to read and write user TTYs and PTYs. This will allow the domain to interact with the user via the terminal. Typically all interactive applications will require this access.

However, this also allows the applications to spy on user sessions or inject information into the user session. Thus, this access should likely not be allowed for non-interactive domains.

Parameters

Parameter:	Description:
domain	Domain allowed access.

userdom_use_user_ttys(
	
		domain
		
	)

Summary

Read and write a user domain tty.

Parameters

Parameter:	Description:
domain	Domain allowed access.

userdom_user_application_domain(
	
		type
		
			,
		
		type
		
	)

Summary

Make the specified type usable as a user application domain.

Parameters

Parameter:	Description:
type	Type to be used as a user application domain.
type	Type to be used as the domain entry point.

userdom_user_application_type(
	
		type
		
	)

Summary

Make the specified type usable as a user application domain type.

Parameters

Parameter:	Description:
type	Type to be used as a user application domain.

userdom_user_home_content(
	
		type
		
	)

Summary

Make the specified type usable in a user home directory.

Parameters

Parameter:	Description:
type	Type to be used as a file in the user home directory.

userdom_user_home_content_filetrans(
	
		domain
		
			,
		
		private_type
		
			,
		
		object_class
		
			,
		
		name
		
	)

Summary

Create objects in a user home directory with an automatic type transition to a specified private type.

Parameters

Parameter:	Description:
domain	Domain allowed access.
private_type	The type of the object to create.
object_class	The class of the object to be created.
name	The name of the object being created.

userdom_user_home_dir_filetrans(
	
		domain
		
			,
		
		private_type
		
			,
		
		object_class
		
			,
		
		name
		
	)

Summary

Create objects in a user home directory with an automatic type transition to a specified private type.

Parameters

Parameter:	Description:
domain	Domain allowed access.
private_type	The type of the object to create.
object_class	The class of the object to be created.
name	The name of the object being created.

userdom_user_home_dir_filetrans_user_home_content(
	
		domain
		
			,
		
		object_class
		
			,
		
		name
		
	)

Summary

Create objects in a user home directory with an automatic type transition to the user home file type.

Parameters

Parameter:	Description:
domain	Domain allowed access.
object_class	The class of the object to be created.
name	The name of the object being created.

userdom_user_home_domtrans(
	
		source_domain
		
			,
		
		target_domain
		
	)

Summary

Do a domain transition to the specified domain when executing a program in the user home directory.

Description

Do a domain transition to the specified domain when executing a program in the user home directory.

No interprocess communication (signals, pipes, etc.) is provided by this interface since the domains are not owned by this module.

Parameters

Parameter:	Description:
source_domain	Domain allowed to transition.
target_domain	Domain to transition to.

userdom_user_tmp_file(
	
		type
		
	)

Summary

Make the specified type usable as a user temporary file.

Parameters

Parameter:	Description:
type	Type to be used as a file in the temporary directories.

userdom_user_tmp_filetrans(
	
		domain
		
			,
		
		private_type
		
			,
		
		object_class
		
			,
		
		name
		
	)

Summary

Create objects in a user temporary directory with an automatic type transition to a specified private type.

Parameters

Parameter:	Description:
domain	Domain allowed access.
private_type	The type of the object to create.
object_class	The class of the object to be created.
name	The name of the object being created.

userdom_user_tmpfs_file(
	
		type
		
	)

Summary

Make the specified type usable as a user tmpfs file.

Parameters

Parameter:	Description:
type	Type to be used as a file in tmpfs directories.

userdom_write_user_tmp_files(
	
		domain
		
	)

Summary

Write all users files in /tmp

Parameters

Parameter:	Description:
domain	Domain allowed access.

userdom_write_user_tmp_sockets(
	
		domain
		
	)

Summary

Write to user temporary named sockets.

Parameters

Parameter:	Description:
domain	Domain allowed access.

userdom_xsession_spec_domtrans_all_users(
	
		domain
		
	)

Summary

Execute an Xserver session in all unprivileged user domains. This is an explicit transition, requiring the caller to use setexeccon().

Parameters

Parameter:	Description:
domain	Domain allowed to transition.

userdom_xsession_spec_domtrans_unpriv_users(
	
		domain
		
	)

Summary

Execute an Xserver session in all unprivileged user domains. This is an explicit transition, requiring the caller to use setexeccon().

Parameters

Parameter:	Description:
domain	Domain allowed to transition.

Return

Templates:

userdom_admin_user_template(
	
		userdomain_prefix
		
	)

Summary

The template for creating an administrative user.

Description

This template creates a user domain, types, and rules for the user's tty, pty, home directories, tmp, and tmpfs files.

The privileges given to administrative users are:

Raw disk access

Set all sysctls

All kernel ring buffer controls

Create, read, write, and delete all files but shadow

Manage source and binary format SELinux policy

Run insmod

Parameters

Parameter:	Description:
userdomain_prefix	The prefix of the user domain (e.g., sysadm is the prefix for sysadm_t).

userdom_base_user_template(
	
		userdomain_prefix
		
	)

Summary

The template containing the most basic rules common to all users.

Description

The template containing the most basic rules common to all users.

This template creates a user domain, types, and rules for the user's tty and pty.

Parameters

Parameter:	Description:
userdomain_prefix	The prefix of the user domain (e.g., user is the prefix for user_t).

userdom_basic_networking_template(
	
		userdomain_prefix
		
	)

Summary

The template allowing the user basic network permissions

Parameters

Parameter:	Description:
userdomain_prefix	The prefix of the user domain (e.g., user is the prefix for user_t).

userdom_change_password_template(
	
		userdomain_prefix
		
	)

Summary

The template for allowing the user to change passwords.

Parameters

Parameter:	Description:
userdomain_prefix	The prefix of the user domain (e.g., user is the prefix for user_t).

userdom_common_user_template(
	
		userdomain_prefix
		
	)

Summary

The template containing rules common to unprivileged users and administrative users.

Description

This template creates a user domain, types, and rules for the user's tty, pty, tmp, and tmpfs files.

Parameters

Parameter:	Description:
userdomain_prefix	The prefix of the user domain (e.g., user is the prefix for user_t).

userdom_login_user_template(
	
		userdomain_prefix
		
	)

Summary

The template for creating a login user.

Description

This template creates a user domain, types, and rules for the user's tty, pty, home directories, tmp, and tmpfs files.

Parameters

Parameter:	Description:
userdomain_prefix	The prefix of the user domain (e.g., user is the prefix for user_t).

userdom_restricted_user_template(
	
		userdomain_prefix
		
	)

Summary

The template for creating a unprivileged login user.

Description

This template creates a user domain, types, and rules for the user's tty, pty, home directories, tmp, and tmpfs files.

Parameters

Parameter:	Description:
userdomain_prefix	The prefix of the user domain (e.g., user is the prefix for user_t).

userdom_restricted_xwindows_user_template(
	
		userdomain_prefix
		
	)

Summary

The template for creating a unprivileged xwindows login user.

Description

The template for creating a unprivileged xwindows login user.

This template creates a user domain, types, and rules for the user's tty, pty, home directories, tmp, and tmpfs files.

Parameters

Parameter:	Description:
userdomain_prefix	The prefix of the user domain (e.g., user is the prefix for user_t).

userdom_security_admin_template(
	
		domain
		
			,
		
		role
		
	)

Summary

Allow user to run as a secadm

Description

Create objects in a user home directory with an automatic type transition to a specified private type.

This is a templated interface, and should only be called from a per-userdomain template.

Parameters

Parameter:	Description:
domain	Domain allowed access.
role	The role of the object to create.

userdom_unpriv_user_template(
	
		userdomain_prefix
		
	)

Summary

The template for creating a unprivileged user roughly equivalent to a regular linux user.

Description

The template for creating a unprivileged user roughly equivalent to a regular linux user.

This template creates a user domain, types, and rules for the user's tty, pty, home directories, tmp, and tmpfs files.

Parameters

Parameter:	Description:
userdomain_prefix	The prefix of the user domain (e.g., user is the prefix for user_t).

userdom_xwindows_client_template(
	
		userdomain_prefix
		
	)

Summary

The template for creating a user xwindows client. (Deprecated)

Parameters

Parameter:	Description:
userdomain_prefix	The prefix of the user domain (e.g., user is the prefix for user_t).

Return