Changeset 159

Show
Ignore:
Timestamp:
01/09/08 14:53:39 (11 months ago)
Author:
bwilliams
Message:

fix bug in xml

Files:

Legend:

Unmodified
Added
Removed
Modified
Copied
Moved

  • branch/refpol-merged/src/selinux-policy-refpol/build.conf

    r153 r159  
    1919# name.  Otherwise the policy type will be 
    2020# used for the name. 
    21 NAME = refpolicy 
     21NAME = clip 
    2222 
    2323# Distribution 

  • branch/refpol-merged/src/selinux-policy-refpol/doc/global_booleans.xml

    r153 r159  
    1818<desc> 
    1919<p> 
    20 boolean to determine whether the system permits loading policy, setting 
    21 enforcing mode, and changing boolean values.  Set this to true and you 
     20boolean to determine whether the system permits loading policy and setting 
     21enforcing mode.  Set this to true and you 
    2222have to reboot to set it back 
    2323</p> 
    2424</desc> 
    2525</bool> 
     26<bool name="log_all_relabels" dftval="false"> 
     27<desc> 
     28<p> 
     29log all relabels on the system 
     30</p> 
     31</desc> 
     32</bool> 

  • branch/refpol-merged/src/selinux-policy-refpol/doc/policy.xml

    r156 r159  
    4461344613<rolecap/> 
    4461444614</interface> 
    44615 <interface name="selinux_load_policy" lineno="218"> 
     44615<interface name="selinux_load_policy" lineno="213"> 
    4461644616<summary> 
    4461744617Allow caller to load the policy into the kernel. 
     
    4462344623</param> 
    4462444624</interface> 
    44625 <interface name="selinux_set_boolean" lineno="260"> 
     44625<interface name="selinux_set_boolean" lineno="251"> 
    4462644626<summary> 
    4462744627Allow caller to set the state of Booleans to 
     
    4464544645<rolecap/> 
    4464644646</interface> 
    44647 <interface name="selinux_set_parameters" lineno="300"> 
     44647<interface name="selinux_set_secure_mode" lineno="287"> 
     44648<summary> 
     44649Allow caller to change from secure_mode to unsecure_mode 
     44650</summary> 
     44651<desc> 
     44652<p> 
     44653Allow caller to set the state of Booleans to 
     44654enable or disable conditional portions of the policy. 
     44655</p> 
     44656<p> 
     44657Since this is a security event, this action is 
     44658always audited. 
     44659</p> 
     44660</desc> 
     44661<param name="domain"> 
     44662<summary> 
     44663The process type allowed to set the Boolean. 
     44664</summary> 
     44665</param> 
     44666<rolecap/> 
     44667</interface> 
     44668<interface name="selinux_set_parameters" lineno="321"> 
    4464844669<summary> 
    4464944670Allow caller to set SELinux access vector cache parameters. 
     
    4466744688<rolecap/> 
    4466844689</interface> 
    44669 <interface name="selinux_validate_context" lineno="324"> 
     44690<interface name="selinux_validate_context" lineno="345"> 
    4467044691<summary> 
    4467144692Allows caller to validate security contexts. 
     
    4467844699<rolecap/> 
    4467944700</interface> 
    44680 <interface name="selinux_compute_access_vector" lineno="345"> 
     44701<interface name="selinux_compute_access_vector" lineno="366"> 
    4468144702<summary> 
    4468244703Allows caller to compute an access vector. 
     
    4468944710<rolecap/> 
    4469044711</interface> 
    44691 <interface name="selinux_compute_create_context" lineno="366"> 
     44712<interface name="selinux_compute_create_context" lineno="387"> 
    4469244713<summary> 
    4469344714Calculate the default type for object creation. 
     
    4470044721<rolecap/> 
    4470144722</interface> 
    44702 <interface name="selinux_compute_member" lineno="387"> 
     44723<interface name="selinux_compute_member" lineno="408"> 
    4470344724<summary> 
    4470444725Allows caller to compute polyinstatntiated 
     
    4471144732</param> 
    4471244733</interface> 
    44713 <interface name="selinux_compute_relabel_context" lineno="416"> 
     44734<interface name="selinux_compute_relabel_context" lineno="437"> 
    4471444735<summary> 
    4471544736Calculate the context for relabeling objects. 
     
    4473044751</param> 
    4473144752</interface> 
    44732 <interface name="selinux_compute_user_contexts" lineno="436"> 
     44753<interface name="selinux_compute_user_contexts" lineno="457"> 
    4473344754<summary> 
    4473444755Allows caller to compute possible contexts for a user. 
     
    4474044761</param> 
    4474144762</interface> 
    44742 <interface name="selinux_unconfined" lineno="456"> 
     44763<interface name="selinux_unconfined" lineno="477"> 
    4474344764<summary> 
    4474444765Unconfined access to the SELinux kernel security server. 
     
    5924359264</param> 
    5924459265</template> 
    59245 <template name="userdom_role_change_generic_user" lineno="1489"> 
     59266<template name="userdom_role_change_generic_user" lineno="1490"> 
    5924659267<summary> 
    5924759268Change to the generic user role. 
     
    5926559286<rolecap/> 
    5926659287</template> 
    59267 <template name="userdom_role_change_from_generic_user" lineno="1516"> 
     59288<template name="userdom_role_change_from_generic_user" lineno="1517"> 
    5926859289<summary> 
    5926959290Change from the generic user role. 
     
    5928859309<rolecap/> 
    5928959310</template> 
    59290 <template name="userdom_role_change_staff" lineno="1542"> 
     59311<template name="userdom_role_change_staff" lineno="1543"> 
    5929159312<summary> 
    5929259313Change to the staff user role. 
     
    5931059331<rolecap/> 
    5931159332</template> 
    59312 <template name="userdom_role_change_from_staff" lineno="1569"> 
     59333<template name="userdom_role_change_from_staff" lineno="1570"> 
    5931359334<summary> 
    5931459335Change from the staff user role. 
     
    5933359354<rolecap/> 
    5933459355</template> 
    59335 <template name="userdom_role_change_sysadm" lineno="1595"> 
     59356<template name="userdom_role_change_sysadm" lineno="1596"> 
    5933659357<summary> 
    5933759358Change to the sysadm user role. 
     
    5935559376<rolecap/> 
    5935659377</template> 
    59357 <template name="userdom_role_change_from_sysadm" lineno="1622"> 
     59378<template name="userdom_role_change_from_sysadm" lineno="1623"> 
    5935859379<summary> 
    5935959380Change from the sysadm user role. 
     
    5937859399<rolecap/> 
    5937959400</template> 
    59380 <template name="userdom_role_change_secadm" lineno="1648"> 
     59401<template name="userdom_role_change_secadm" lineno="1649"> 
    5938159402<summary> 
    5938259403Change to the secadm user role. 
     
    5940059421<rolecap/> 
    5940159422</template> 
    59402 <template name="userdom_role_change_from_secadm" lineno="1679"> 
     59423<template name="userdom_role_change_from_secadm" lineno="1680"> 
    5940359424<summary> 
    5940459425Change from the secadm user role. 
     
    5942359444<rolecap/> 
    5942459445</template> 
    59425 <template name="userdom_role_change_auditadm" lineno="1709"> 
     59446<template name="userdom_role_change_auditadm" lineno="1710"> 
    5942659447<summary> 
    5942759448Change to the auditadm user role. 
     
    5944559466<rolecap/> 
    5944659467</template> 
    59447 <template name="userdom_role_change_from_auditadm" lineno="1740"> 
     59468<template name="userdom_role_change_from_auditadm" lineno="1741"> 
    5944859469<summary> 
    5944959470Change from the auditadm user role. 
     
    5946859489<rolecap/> 
    5946959490</template> 
    59470 <template name="userdom_user_home_content" lineno="1776"> 
     59491<template name="userdom_user_home_content" lineno="1777"> 
    5947159492<summary> 
    5947259493Make the specified type usable in a 
     
    5949659517</param> 
    5949759518</template> 
    59498 <template name="userdom_setattr_user_ptys" lineno="1810"> 
     59519<template name="userdom_setattr_user_ptys" lineno="1811"> 
    5949959520<summary> 
    5950059521Set the attributes of a user pty. 
     
    5952159542</param> 
    5952259543</template> 
    59523 <template name="userdom_create_user_pty" lineno="1843"> 
     59544<template name="userdom_create_user_pty" lineno="1844"> 
    5952459545<summary> 
    5952559546Create a user pty. 
     
    5954659567</param> 
    5954759568</template> 
    59548 <template name="userdom_search_user_home_dirs" lineno="1876"> 
     59569<template name="userdom_search_user_home_dirs" lineno="1877"> 
    5954959570<summary> 
    5955059571Search user home directories. 
     
    5957159592</param> 
    5957259593</template> 
    59573 <template name="userdom_list_user_home_dirs" lineno="1910"> 
     59594<template name="userdom_list_user_home_dirs" lineno="1911"> 
    5957459595<summary> 
    5957559596List user home directories. 
     
    5959659617</param> 
    5959759618</template> 
    59598 <template name="userdom_user_home_domtrans" lineno="1958"> 
     59619<template name="userdom_user_home_domtrans" lineno="1959"> 
    5959959620<summary> 
    5960059621Do a domain transition to the specified 
     
    5963559656</param> 
    5963659657</template> 
    59637 <template name="userdom_dontaudit_list_user_home_dirs" lineno="1993"> 
     59658<template name="userdom_dontaudit_list_user_home_dirs" lineno="1994"> 
    5963859659<summary> 
    5963959660Do not audit attempts to list user home subdirectories. 
     
    5966059681</param> 
    5966159682</template> 
    59662 <template name="userdom_manage_user_home_content_dirs" lineno="2028"> 
     59683<template name="userdom_manage_user_home_content_dirs" lineno="2029"> 
    5966359684<summary> 
    5966459685Create, read, write, and delete directories 
     
    5968759708</param> 
    5968859709</template> 
    59689 <template name="userdom_dontaudit_setattr_user_home_content_files" lineno="2064"> 
     59710<template name="userdom_dontaudit_setattr_user_home_content_files" lineno="2065"> 
    5969059711<summary> 
    5969159712Do not audit attempts to set the 
     
    5971459735</param> 
    5971559736</template> 
    59716 <template name="userdom_read_user_home_content_files" lineno="2097"> 
     59737<template name="userdom_read_user_home_content_files" lineno="2098"> 
    5971759738<summary> 
    5971859739Read user home files. 
     
    5973959760</param> 
    5974059761</template> 
    59741 <template name="userdom_dontaudit_read_user_home_content_files" lineno="2131"> 
     59762<template name="userdom_dontaudit_read_user_home_content_files" lineno="2132"> 
    5974259763<summary> 
    5974359764Do not audit attempts to read user home files. 
     
    5976459785</param> 
    5976559786</template> 
    59766 <template name="userdom_dontaudit_write_user_home_content_files" lineno="2165"> 
     59787<template name="userdom_dontaudit_write_user_home_content_files" lineno="2166"> 
    5976759788<summary> 
    5976859789Do not audit attempts to write user home files. 
     
    5978959810</param> 
    5979059811</template> 
    59791 <template name="userdom_read_user_home_content_symlinks" lineno="2198"> 
     59812<template name="userdom_read_user_home_content_symlinks" lineno="2199"> 
    5979259813<summary> 
    5979359814Read user home subdirectory symbolic links. 
     
    5981459835</param> 
    5981559836</template> 
    59816 <template name="userdom_exec_user_home_content_files" lineno="2232"> 
     59837<template name="userdom_exec_user_home_content_files" lineno="2233"> 
    5981759838<summary> 
    5981859839Execute user home files. 
     
    5983959860</param> 
    5984059861</template> 
    59841 <template name="userdom_dontaudit_exec_user_home_content_files" lineno="2266"> 
     59862<template name="userdom_dontaudit_exec_user_home_content_files" lineno="2267"> 
    5984259863<summary> 
    5984359864Do not audit attempts to execute user home files. 
     
    5986459885</param> 
    5986559886</template> 
    59866 <template name="userdom_manage_user_home_content_files" lineno="2301"> 
     59887<template name="userdom_manage_user_home_content_files" lineno="2302"> 
    5986759888<summary> 
    5986859889Create, read, write, and delete files 
     
    5989159912</param> 
    5989259913</template> 
    59893 <template name="userdom_dontaudit_manage_user_home_content_dirs" lineno="2338"> 
     59914<template name="userdom_dontaudit_manage_user_home_content_dirs" lineno="2339"> 
    5989459915<summary> 
    5989559916Do not audit attempts to create, read, write, and delete directories 
     
    5991859939</param> 
    5991959940</template> 
    59920 <template name="userdom_manage_user_home_content_symlinks" lineno="2373"> 
     59941<template name="userdom_manage_user_home_content_symlinks" lineno="2374"> 
    5992159942<summary> 
    5992259943Create, read, write, and delete symbolic links 
     
    5994559966</param> 
    5994659967</template> 
    59947 <template name="userdom_manage_user_home_content_pipes" lineno="2410"> 
     59968<template name="userdom_manage_user_home_content_pipes" lineno="2411"> 
    5994859969<summary> 
    5994959970Create, read, write, and delete named pipes 
     
    5997259993</param> 
    5997359994</template> 
    59974 <template name="userdom_manage_user_home_content_sockets" lineno="2447"> 
     59995<template name="userdom_manage_user_home_content_sockets" lineno="2448"> 
    5997559996<summary> 
    5997659997Create, read, write, and delete named sockets 
     
    5999960020</param> 
    6000060021</template> 
    60001 <template name="userdom_user_home_dir_filetrans" lineno="2497"> 
     60022<template name="userdom_user_home_dir_filetrans" lineno="2498"> 
    6000260023<summary> 
    6000360024Create objects in a user home directory 
     
    6003960060</param> 
    6004060061</template> 
    60041 <template name="userdom_user_home_content_filetrans" lineno="2546"> 
     60062<template name="userdom_user_home_content_filetrans" lineno="2547"> 
    6004260063<summary> 
    6004360064Create objects in a user home directory 
     
    6007960100</param> 
    6008060101</template> 
    60081 <template name="userdom_user_home_dir_filetrans_user_home_content" lineno="2590"> 
     60102<template name="userdom_user_home_dir_filetrans_user_home_content" lineno="2591"> 
    6008260103<summary> 
    6008360104Create objects in a user home directory 
     
    6011460135</param> 
    6011560136</template> 
    60116 <template name="userdom_write_user_tmp_sockets" lineno="2624"> 
     60137<template name="userdom_write_user_tmp_sockets" lineno="2625"> 
    6011760138<summary> 
    6011860139Write to user temporary named sockets. 
     
    6013960160</param> 
    6014060161</template> 
    60141 <template name="userdom_list_user_tmp" lineno="2658"> 
     60162<template name="userdom_list_user_tmp" lineno="2659"> 
    6014260163<summary> 
    6014360164List user temporary directories. 
     
    6016460185</param> 
    6016560186</template> 
    60166 <template name="userdom_dontaudit_list_user_tmp" lineno="2694"> 
     60187<template name="userdom_dontaudit_list_user_tmp" lineno="2695"> 
    6016760188<summary> 
    6016860189Do not audit attempts to list user 
     
    6019160212</param> 
    6019260213</template> 
    60193 <template name="userdom_dontaudit_manage_user_tmp_dirs" lineno="2729"> 
     60214<template name="userdom_dontaudit_manage_user_tmp_dirs" lineno="2730"> 
    6019460215<summary> 
    6019560216Do not audit attempts to manage users 
     
    6021860239</param> 
    6021960240</template> 
    60220 <template name="userdom_read_user_tmp_files" lineno="2762"> 
     60241<template name="userdom_read_user_tmp_files" lineno="2763"> 
    6022160242<summary> 
    6022260243Read user temporary files. 
     
    6024360264</param> 
    6024460265</template> 
    60245 <template name="userdom_dontaudit_read_user_tmp_files" lineno="2799"> 
     60266<template name="userdom_dontaudit_read_user_tmp_files" lineno="2800"> 
    6024660267<summary> 
    6024760268Do not audit attempts to read users 
     
    6027060291</param> 
    6027160292</template> 
    60272 <template name="userdom_dontaudit_append_user_tmp_files" lineno="2834"> 
     60293<template name="userdom_dontaudit_append_user_tmp_files" lineno="2835"> 
    6027360294<summary> 
    6027460295Do not audit attempts to append users 
     
    6029760318</param> 
    6029860319</template> 
    60299 <template name="userdom_rw_user_tmp_files" lineno="2867"> 
     60320<template name="userdom_rw_user_tmp_files" lineno="2868"> 
    6030060321<summary> 
    6030160322Read and write user temporary files. 
     
    6032260343</param> 
    6032360344</template> 
    60324 <template name="userdom_dontaudit_manage_user_tmp_files" lineno="2904"> 
     60345<template name="userdom_dontaudit_manage_user_tmp_files" lineno="2905"> 
    6032560346<summary> 
    6032660347Do not audit attempts to manage users 
     
    6034960370</param> 
    6035060371</template> 
    60351 <template name="userdom_read_user_tmp_symlinks" lineno="2939"> 
     60372<template name="userdom_read_user_tmp_symlinks" lineno="2940"> 
    6035260373<summary> 
    6035360374Read user 
     
    6037660397</param> 
    6037760398</template> 
    60378 <template name="userdom_manage_user_tmp_dirs" lineno="2976"> 
     60399<template name="userdom_manage_user_tmp_dirs" lineno="2977"> 
    6037960400<summary> 
    6038060401Create, read, write, and delete user 
     
    6040360424</param> 
    6040460425</template> 
    60405 <template name="userdom_manage_user_tmp_files" lineno="3012"> 
     60426<template name="userdom_manage_user_tmp_files" lineno="3013"> 
    6040660427<summary> 
    6040760428Create, read, write, and delete user 
     
    6043060451</param> 
    6043160452</template> 
    60432 <template name="userdom_manage_user_tmp_symlinks" lineno="3048"> 
     60453<template name="userdom_manage_user_tmp_symlinks" lineno="3049"> 
    6043360454<summary> 
    6043460455Create, read, write, and delete user 
     
    6045760478</param> 
    6045860479</template> 
    60459 <template name="userdom_manage_user_tmp_pipes" lineno="3084"> 
     60480<template name="userdom_manage_user_tmp_pipes" lineno="3085"> 
    6046060481<summary> 
    6046160482Create, read, write, and delete user 
     
    6048460505</param> 
    6048560506</template> 
    60486 <template name="userdom_manage_user_tmp_sockets" lineno="3120"> 
     60507<template name="userdom_manage_user_tmp_sockets" lineno="3121"> 
    6048760508<summary> 
    6048860509Create, read, write, and delete user 
     
    6051160532</param> 
    6051260533</template> 
    60513 <template name="userdom_user_tmp_filetrans" lineno="3169"> 
     60534<template name="userdom_user_tmp_filetrans" lineno="3170"> 
    6051460535<summary> 
    6051560536Create objects in a user temporary directory 
     
    6055160572</param> 
    6055260573</template> 
    60553 <template name="userdom_tmp_filetrans_user_tmp" lineno="3213"> 
     60574<template name="userdom_tmp_filetrans_user_tmp" lineno="3214"> 
    6055460575<summary> 
    6055560576Create objects in the temporary directory 
     
    6058660607</param> 
    6058760608</template> 
    60588 <template name="userdom_rw_user_tmpfs_files" lineno="3246"> 
     60609<template name="userdom_rw_user_tmpfs_files" lineno="3247"> 
    6058960610<summary> 
    6059060611Read user tmpfs files. 
     
    6061160632</param> 
    6061260633</template> 
    60613 <template name="userdom_list_user_untrusted_content" lineno="3282"> 
     60634<template name="userdom_list_user_untrusted_content" lineno="3283"> 
    6061460635<summary> 
    6061560636List users untrusted directories. 
     
    6063660657</param> 
    6063760658</template> 
    60638 <template name="userdom_dontaudit_list_user_untrusted_content" lineno="3317"> 
     60659<template name="userdom_dontaudit_list_user_untrusted_content" lineno="3318"> 
    6063960660<summary> 
    6064060661Do not audit attempts to list user 
     
    6066360684</param> 
    6066460685</template> 
    60665 <template name="userdom_read_user_untrusted_content_files" lineno="3350"> 
     60686<template name="userdom_read_user_untrusted_content_files" lineno="3351"> 
    6066660687<summary> 
    6066760688Read user untrusted files. 
     
    6068860709</param> 
    6068960710</template> 
    60690 <template name="userdom_manage_user_untrusted_content_files" lineno="3384"> 
     60711<template name="userdom_manage_user_untrusted_content_files" lineno="3385"> 
    6069160712<summary> 
    6069260713Manage user untrusted files. 
     
    6071360734</param> 
    6071460735</template> 
    60715 <template name="userdom_manage_user_untrusted_content_tmp_files" lineno="3417"> 
     60736<template name="userdom_manage_user_untrusted_content_tmp_files" lineno="3418"> 
    6071660737<summary> 
    6071760738Manage user untrusted tmp files. 
     
    6073860759</param> 
    6073960760</template> 
    60740 <template name="userdom_dontaudit_read_user_untrusted_content_files" lineno="3452"> 
     60761<template name="userdom_dontaudit_read_user_untrusted_content_files" lineno="3453"> 
    6074160762<summary> 
    6074260763Do not audit attempts to read users 
     
    6076560786</param> 
    6076660787</template> 
    60767 <template name="userdom_read_user_untrusted_content_symlinks" lineno="3485"> 
     60788<template name="userdom_read_user_untrusted_content_symlinks" lineno="3486"> 
    6076860789<summary> 
    6076960790Read user untrusted symbolic links. 
     
    6079060811</param> 
    6079160812</template> 
    60792 <template name="userdom_list_user_tmp_untrusted_content" lineno="3519"> 
     60813<template name="userdom_list_user_tmp_untrusted_content" lineno="3520"> 
    6079360814<summary> 
    6079460815List users temporary untrusted directories. 
     
    6081560836</param> 
    6081660837</template> 
    60817 <template name="userdom_dontaudit_list_user_tmp_untrusted_content" lineno="3554"> 
     60838<template name="userdom_dontaudit_list_user_tmp_untrusted_content" lineno="3555"> 
    6081860839<summary> 
    6081960840Do not audit attempts to list user 
     
    6084260863</param> 
    6084360864</template> 
    60844 <template name="userdom_read_user_tmp_untrusted_content_files" lineno="3587"> 
     60865<template name="userdom_read_user_tmp_untrusted_content_files" lineno="3588"> 
    6084560866<summary> 
    6084660867Read user temporary untrusted files. 
     
    6086760888</param> 
    6086860889</template> 
    60869 <template name="userdom_dontaudit_read_user_tmp_untrusted_content_files" lineno="3623"> 
     60890<template name="userdom_dontaudit_read_user_tmp_untrusted_content_files" lineno="3624"> 
    6087060891<summary> 
    6087160892Do not audit attempts to read users 
     
    6089460915</param> 
    6089560916</template> 
    60896 <template name="userdom_read_user_tmp_untrusted_content_symlinks" lineno="3656"> 
     60917<template name="userdom_read_user_tmp_untrusted_content_symlinks" lineno="3657"> 
    6089760918<summary> 
    6089860919Read user temporary untrusted symbolic links. 
     
    6091960940</param> 
    6092060941</template> 
    60921 <interface name="userdom_read_all_untrusted_content" lineno="3675"> 
     60942<interface name="userdom_read_all_untrusted_content" lineno="3676"> 
    6092260943<summary> 
    6092360944Read all user untrusted content files. 
     
    6092960950</param> 
    6093060951</interface> 
    60931 <interface name="userdom_read_all_tmp_untrusted_content" lineno="3695"> 
     60952<interface name="userdom_read_all_tmp_untrusted_content" lineno="3696"> 
    6093260953<summary> 
    6093360954Read all user temporary untrusted content files. 
     
    6093960960</param> 
    6094060961</interface> 
    60941 <template name="userdom_setattr_user_ttys" lineno="3730"> 
     60962<template name="userdom_setattr_user_ttys" lineno="3731"> 
    6094260963<summary> 
    6094360964Set the attributes of a user domain tty. 
     
    6096460985</param> 
    6096560986</template> 
    60966 <template name="userdom_use_user_ttys" lineno="3763"> 
     60987<template name="userdom_use_user_ttys" lineno="3764"> 
    6096760988<summary> 
    6096860989Read and write a user domain tty. 
     
    6098961010</param> 
    6099061011</template> 
    60991 <template name="userdom_use_user_terminals" lineno="3796"> 
     61012<template name="userdom_use_user_terminals" lineno="3797"> 
    6099261013<summary> 
    6099361014Read and write a user domain tty and pty. 
     
    6101461035</param> 
    6101561036</template> 
    61016 <template name="userdom_dontaudit_use_user_terminals" lineno="3833"> 
     61037<template name="userdom_dontaudit_use_user_terminals" lineno="3834"> 
    6101761038<summary> 
    6101861039Do not audit attempts to read and write 
     
    6104161062</param> 
    6104261063</template> 
    61043 <interface name="userdom_spec_domtrans_all_users" lineno="3854"> 
     61064<interface name="userdom_spec_domtrans_all_users" lineno="3855"> 
    6104461065<summary> 
    6104561066Execute a shell in all user domains.  This 
     
    6105361074</param> 
    6105461075</interface> 
    61055 <interface name="userdom_xsession_spec_domtrans_all_users" lineno="3877"> 
     61076<interface name="userdom_xsession_spec_domtrans_all_users" lineno="3878"> 
    6105661077<summary> 
    6105761078Execute an Xserver session in all unprivileged user domains.  This 
     
    6106561086</param> 
    6106661087</interface> 
    61067 <interface name="userdom_spec_domtrans_unpriv_users" lineno="3900"> 
     61088<interface name="userdom_spec_domtrans_unpriv_users" lineno="3901"> 
    6106861089<summary> 
    6106961090Execute a shell in all unprivileged user domains.  This 
     
    6107761098</param> 
    6107861099</interface> 
    61079 <interface name="userdom_xsession_spec_domtrans_unpriv_users" lineno="3923"> 
     61100<interface name="userdom_xsession_spec_domtrans_unpriv_users" lineno="3924"> 
    6108061101<summary> 
    6108161102Execute an Xserver session in all unprivileged user domains.  This 
     
    6108961110</param> 
    6109061111</interface> 
    61091 <interface name="userdom_manage_unpriv_user_semaphores" lineno="3944"> 
     61112<interface name="userdom_manage_unpriv_user_semaphores" lineno="3945"> 
    6109261113<summary> 
    6109361114Manage unpriviledged user SysV sempaphores. 
     
    6109961120</param> 
    6110061121</interface> 
    61101 <interface name="userdom_manage_unpriv_user_shared_mem" lineno="3963"> 
     61122<interface name="userdom_manage_unpriv_user_shared_mem" lineno="3964"> 
    6110261123<summary> 
    6110361124Manage unpriviledged user SysV shared 
     
    6111061131</param> 
    6111161132</interface> 
    61112 <interface name="userdom_bin_spec_domtrans_unpriv_users" lineno="3983"> 
     61133<interface name="userdom_bin_spec_domtrans_unpriv_users" lineno="3984"> 
    6111361134<summary> 
    6111461135Execute bin_t in the unprivileged user domains. This 
     
    6112261143</param> 
    6112361144</interface> 
    61124 <interface name="userdom_sbin_spec_domtrans_unpriv_users" lineno="4006"> 
     61145<interface name="userdom_sbin_spec_domtrans_unpriv_users" lineno="4007"> 
    6112561146<summary> 
    6112661147Execute generic sbin programs in all unprivileged user 
     
    6113461155</param> 
    6113561156</interface> 
    61136 <interface name="userdom_entry_spec_domtrans_unpriv_users" lineno="4023"> 
     61157<interface name="userdom_entry_spec_domtrans_unpriv_users" lineno="4024"> 
    6113761158<summary> 
    6113861159Execute all entrypoint files in unprivileged user 
     
    6114661167</param> 
    6114761168</interface> 
    61148 <interface name="userdom_shell_domtrans_sysadm" lineno="4044"> 
     61169<interface name="userdom_shell_domtrans_sysadm" lineno="4045"> 
    6114961170<summary> 
    6115061171Execute a shell in the sysadm domain. 
     
    6115661177</param> 
    6115761178</interface> 
    61158 <interface name="userdom_bin_spec_domtrans_sysadm" lineno="4065"> 
     61179<interface name="userdom_bin_spec_domtrans_sysadm" lineno="4066"> 
    6115961180<summary> 
    6116061181Execute a generic bin program in the sysadm domain. 
     
    6116661187</param> 
    6116761188</interface> 
    61168 <interface name="userdom_sbin_spec_domtrans_sysadm" lineno="4086"> 
     61189<interface name="userdom_sbin_spec_domtrans_sysadm" lineno="4087"> 
    6116961190<summary> 
    6117061191Execute a generic sbin program in the sysadm domain.  (Deprecated) 
     
    6117661197</param> 
    6117761198</interface> 
    61178 <interface name="userdom_entry_spec_domtrans_sysadm" lineno="4103"> 
     61199<interface name="userdom_entry_spec_domtrans_sysadm" lineno="4104"> 
    6117961200<summary> 
    6118061201Execute all entrypoint files in the sysadm domain. This 
     
    6118861209</param> 
    6118961210</interface> 
    61190 <interface name="userdom_sysadm_bin_spec_domtrans_to" lineno="4137"> 
     61211<interface name="userdom_sysadm_bin_spec_domtrans_to" lineno="4138"> 
    6119161212<summary> 
    6119261213Allow sysadm to execute a generic bin program in 
     
    6121161232</param> 
    6121261233</interface> 
    61213 <interface name="userdom_sysadm_sbin_spec_domtrans_to" lineno="4171"> 
     61234<interface name="userdom_sysadm_sbin_spec_domtrans_to" lineno="4172"> 
    6121461235<summary> 
    6121561236Allow sysadm to execute a generic sbin program in 
     
    6123461255</param> 
    6123561256</interface> 
    61236 <interface name="userdom_sysadm_entry_spec_domtrans_to" lineno="4200"> 
     61257<interface name="userdom_sysadm_entry_spec_domtrans_to" lineno="4201"> 
    6123761258<summary> 
    6123861259Allow sysadm to execute all entrypoint files 
     
    6125861279</param> 
    6125961280</interface> 
    61260 <interface name="userdom_search_staff_home_dirs" lineno="4221"> 
     61281<interface name="userdom_search_staff_home_dirs" lineno="4222"> 
    6126161282<summary> 
    6126261283Search the staff users home directory. 
     
    6126861289</param> 
    6126961290</interface> 
    61270 <interface name="userdom_dontaudit_search_staff_home_dirs" lineno="4241"> 
     61291<interface name="userdom_dontaudit_search_staff_home_dirs" lineno="4242"> 
    6127161292<summary> 
    6127261293Do not audit attempts to search the staff 
     
    6127961300</param> 
    6128061301</interface> 
    61281 <interface name="userdom_manage_staff_home_dirs" lineno="4260"> 
     61302<interface name="userdom_manage_staff_home_dirs" lineno="4261"> 
    6128261303<summary> 
    6128361304Create, read, write, and delete staff 
     
    6129061311</param> 
    6129161312</interface> 
    61292 <interface name="userdom_relabelto_staff_home_dirs" lineno="4279"> 
     61313<interface name="userdom_relabelto_staff_home_dirs" lineno="4280"> 
    6129361314<summary> 
    6129461315Relabel to staff home directories. 
     
    6130061321</param> 
    6130161322</interface> 
    61302 <interface name="userdom_dontaudit_append_staff_home_content_files" lineno="4299"> 
     61323<interface name="userdom_dontaudit_append_staff_home_content_files" lineno="4300"> 
    6130361324<summary> 
    6130461325Do not audit attempts to append to the staff 
     
    6131161332</param> 
    6131261333</interface> 
    61313 <interface name="userdom_read_staff_home_content_files" lineno="4317"> 
     61334<interface name="userdom_read_staff_home_content_files" lineno="4318"> 
    6131461335<summary> 
    6131561336Read files in the staff users home directory. 
     
    6132161342</param> 
    6132261343</interface> 
    61323 <interface name="userdom_sigchld_sysadm" lineno="4338"> 
     61344<interface name="userdom_sigchld_sysadm" lineno="4339"> 
    6132461345<summary> 
    6132561346Send a SIGCHLD signal to sysadm users. 
     
    6133161352</param> 
    6133261353</interface> 
    61333 <interface name="userdom_dontaudit_getattr_sysadm_ttys" lineno="4357"> 
     61354<interface name="userdom_dontaudit_getattr_sysadm_ttys" lineno="4358"> 
    6133461355<summary> 
    6133561356Do not audit attepts to get the attributes 
     
    6134261363</param> 
    6134361364</interface> 
    61344 <interface name="userdom_use_sysadm_ttys" lineno="4375"> 
     61365<interface name="userdom_use_sysadm_ttys" lineno="4376"> 
    6134561366<summary> 
    6134661367Read and write sysadm ttys. 
     
    6135261373</param> 
    6135361374</interface> 
    61354 <interface name="userdom_dontaudit_use_sysadm_ttys" lineno="4395"> 
     61375<interface name="userdom_dontaudit_use_sysadm_ttys" lineno="4396"> 
    6135561376<summary> 
    6135661377Do not audit attempts to use sysadm ttys. 
     
    6136261383</param> 
    6136361384</interface> 
    61364 <interface name="userdom_use_sysadm_ptys" lineno="4413"> 
     61385<interface name="userdom_use_sysadm_ptys" lineno="4414"> 
    6136561386<summary> 
    6136661387Read and write sysadm ptys. 
     
    6137261393</param> 
    6137361394</interface> 
    61374 <interface name="userdom_dontaudit_use_sysadm_ptys" lineno="4433"> 
     61395<interface name="userdom_dontaudit_use_sysadm_ptys" lineno="4434"> 
    6137561396<summary> 
    6137661397Dont audit attempts to read and write sysadm ptys. 
     
    6138261403</param> 
    6138361404</interface> 
    61384 <interface name="userdom_use_sysadm_terms" lineno="4451"> 
     61405<interface name="userdom_use_sysadm_terms" lineno="4452"> 
    6138561406<summary> 
    6138661407Read and write sysadm ttys and ptys. 
     
    6139261413</param> 
    6139361414</interface> 
    61394 <interface name="userdom_dontaudit_use_sysadm_terms" lineno="4466"> 
     61415<interface name="userdom_dontaudit_use_sysadm_terms" lineno="4467"> 
    6139561416<summary> 
    6139661417Do not audit attempts to use sysadm ttys and ptys. 
     
    6140261423</param> 
    6140361424</interface> 
    61404 <interface name="userdom_use_sysadm_fds" lineno="4484"> 
     61425<interface name="userdom_use_sysadm_fds" lineno="4485"> 
    6140561426<summary> 
    6140661427Inherit and use sysadm file descriptors 
     
    6141261433</param> 
    6141361434</interface> 
    61414 <interface name="userdom_rw_sysadm_pipes" lineno="4502"> 
     61435<interface name="userdom_rw_sysadm_pipes" lineno="4503"> 
    6141561436<summary> 
    6141661437Read and write sysadm user unnamed pipes. 
     
    6142261443</param> 
    6142361444</interface> 
    61424 <interface name="userdom_getattr_sysadm_home_dirs" lineno="4521"> 
     61445<interface name="userdom_getattr_sysadm_home_dirs" lineno="4522"> 
    6142561446<summary> 
    6142661447Get the attributes of the sysadm users 
     
    6143361454</param> 
    6143461455</interface> 
    61435 <interface name="userdom_dontaudit_getattr_sysadm_home_dirs" lineno="4541"> 
     61456<interface name="userdom_dontaudit_getattr_sysadm_home_dirs" lineno="4542"> 
    6143661457<summary> 
    6143761458Do not audit attempts to get the 
     
    6144561466</param> 
    6144661467</interface> 
    61447 <interface name="userdom_search_sysadm_home_dirs" lineno="4559"> 
     61468<interface name="userdom_search_sysadm_home_dirs" lineno="4560"> 
    6144861469<summary> 
    6144961470Search the sysadm users home directory. 
     
    6145561476</param> 
    6145661477</interface> 
    61457 <interface name="userdom_dontaudit_search_sysadm_home_dirs" lineno="4578"> 
     61478<interface name="userdom_dontaudit_search_sysadm_home_dirs" lineno="4579"> 
    6145861479<summary> 
    6145961480Do not audit attempts to search the sysadm 
     
    6146661487</param> 
    6146761488</interface> 
    61468 <interface name="userdom_list_sysadm_home_dirs" lineno="4596"> 
     61489<interface name="userdom_list_sysadm_home_dirs" lineno="4597"> 
    6146961490<summary> 
    6147061491List the sysadm users home directory. 
     
    6147661497</param> 
    6147761498</interface> 
    61478 <interface name="userdom_dontaudit_list_sysadm_home_dirs" lineno="4615"> 
     61499<interface name="userdom_dontaudit_list_sysadm_home_dirs" lineno="4616"> 
    6147961500<summary> 
    6148061501Do not audit attempts to list the sysadm 
     
    6148761508</param> 
    6148861509</interface> 
    61489 <interface name="userdom_dontaudit_read_sysadm_home_content_files" lineno="4634"> 
     61510<interface name="userdom_dontaudit_read_sysadm_home_content_files" lineno="4635"> 
    6149061511<summary> 
    6149161512Do not audit attempts to search the sysadm 
     
    6149861519</param> 
    6149961520</interface> 
    61500 <interface name="userdom_sysadm_home_dir_filetrans" lineno="4666"> 
     61521<interface name="userdom_sysadm_home_dir_filetrans" lineno="4667"> 
    6150161522<summary> 
    6150261523Create objects in sysadm home directories 
     
    6152061541</param> 
    6152161542</interface> 
    61522 <interface name="userdom_search_sysadm_home_content_dirs" lineno="4684"> 
     61543<interface name="userdom_search_sysadm_home_content_dirs" lineno="4685"> 
    6152361544<summary> 
    6152461545Search the sysadm users home sub directories. 
     
    6153061551</param> 
    6153161552</interface> 
    61532 <interface name="userdom_read_sysadm_home_content_files" lineno="4702"> 
     61553<interface name="userdom_read_sysadm_home_content_files" lineno="4703"> 
    6153361554<summary> 
    6153461555Read files in the sysadm users home directory. 
     
    6154061561</param> 
    6154161562</interface> 
    61542 <interface name="userdom_read_sysadm_tmp_files" lineno="4723"> 
     61563<interface name="userdom_read_sysadm_tmp_files" lineno="4724"> 
    6154361564<summary> 
    6154461565Read sysadm temporary files. 
     
    6155061571</param> 
    6155161572</interface> 
    61552 <interface name="userdom_search_all_users_home_dirs" lineno="4744"> 
     61573<interface name="userdom_search_all_users_home_dirs" lineno="4745"> 
    6155361574<summary> 
    6155461575Search all users home directories. 
     
    6156061581</param> 
    6156161582</interface> 
    61562 <interface name="userdom_list_all_users_home_dirs" lineno="4763"> 
     61583<interface name="userdom_list_all_users_home_dirs" lineno="4764"> 
    6156361584<summary> 
    6156461585List all users home directories. 
     
    6157061591</param> 
    6157161592</interface> 
    61572 <interface name="userdom_search_all_users_home_content" lineno="4782"> 
     61593<interface name="userdom_search_all_users_home_content" lineno="4783"> 
    6157361594<summary> 
    6157461595Search all users home directories. 
     
    6158061601</param> 
    6158161602</interface> 
    61582 <interface name="userdom_dontaudit_search_all_users_home_content" lineno="4801"> 
     61603<interface name="userdom_dontaudit_search_all_users_home_content" lineno="4802"> 
    6158361604<summary> 
    6158461605Do not audit attempts to search all users home directories. 
     
    6159061611</param> 
    6159161612</interface> 
    61592 <interface name="userdom_read_all_users_home_content_files" lineno="4819"> 
     61613<interface name="userdom_read_all_users_home_content_files" lineno="4820"> 
    6159361614<summary> 
    6159461615Read all files in all users home directories. 
     
    6160061621</param> 
    6160161622</interface> 
    61602 <interface name="userdom_manage_all_users_home_content_dirs" lineno="4840"> 
     61623<interface name="userdom_manage_all_users_home_content_dirs" lineno="4841"> 
    6160361624<summary> 
    6160461625Create, read, write, and delete all directories 
     
    6161161632</param> 
    6161261633</interface> 
    61613 <interface name="userdom_manage_all_users_home_content_files" lineno="4860"> 
     61634<interface name="userdom_manage_all_users_home_content_files" lineno="4861"> 
    6161461635<summary> 
    6161561636Create, read, write, and delete all files 
     
    6162261643</param> 
    6162361644</interface> 
    61624 <interface name="userdom_manage_all_users_home_content_symlinks" lineno="4880"> 
     61645<interface name="userdom_manage_all_users_home_content_symlinks" lineno="4881"> 
    6162561646<summary> 
    6162661647Create, read, write, and delete all symlinks 
     
    6163361654</param> 
    6163461655</interface> 
    61635 <interface name="userdom_priveleged_home_dir_manager" lineno="4909"> 
     61656<interface name="userdom_priveleged_home_dir_manager" lineno="4910"> 
    6163661657<summary> 
    6163761658Make the specified domain a privileged 
     
    6165361674</param> 
    6165461675</interface> 
    61655 <interface name="userdom_signal_unpriv_users" lineno="4928"> 
     61676<interface name="userdom_signal_unpriv_users" lineno="4929"> 
    6165661677<summary> 
    6165761678Send general signals to unprivileged user domains. 
     
    6166361684</param> 
    6166461685</interface> 
    61665 <interface name="userdom_use_unpriv_users_fds" lineno="4946"> 
     61686<interface name="userdom_use_unpriv_users_fds" lineno="4947"> 
    6166661687<summary> 
    6166761688Inherit the file descriptors from unprivileged user domains. 
     
    6167361694</param> 
    6167461695</interface> 
    61675 <interface name="userdom_dontaudit_use_unpriv_user_fds" lineno="4965"> 
     61696<interface name="userdom_dontaudit_use_unpriv_user_fds" lineno="4966"> 
    6167661697<summary> 
    6167761698Do not audit attempts to inherit the