Changeset 78
- Timestamp:
- 06/01/07 11:34:47 (2 years ago)
- Files:
Legend:
- Unmodified
- Added
- Removed
- Modified
- Copied
- Moved
trunk/RHEL5/refpolicy/src/selinux-policy-clip/build.conf
r11 r78 9 9 # override the version. This only has an 10 10 # effect for monolithic policies. 11 OUTPUT_POLICY = 1811 OUTPUT_POLICY = 21 12 12 13 13 # Policy Type … … 15 15 # strict-mls, targeted-mls, 16 16 # strict-mcs, targeted-mcs 17 TYPE = strict 17 TYPE = strict-mcs 18 18 19 19 # Policy Name trunk/RHEL5/refpolicy/src/selinux-policy-clip/doc/policy.xml
r13 r78 3736 3736 <summary> 3737 3737 Make general progams in sbin an entrypoint for 3738 the specified domain. 3738 the specified domain. (Deprecated) 3739 3739 </summary> 3740 3740 <param name="domain"> … … 3744 3744 </param> 3745 3745 </interface> 3746 <interface name="corecmd_shell_entry_type" lineno="11 3">3746 <interface name="corecmd_shell_entry_type" lineno="110"> 3747 3747 <summary> 3748 3748 Make the shell an entrypoint for the specified domain. … … 3754 3754 </param> 3755 3755 </interface> 3756 <interface name="corecmd_search_bin" lineno="1 31">3756 <interface name="corecmd_search_bin" lineno="128"> 3757 3757 <summary> 3758 3758 Search the contents of bin directories. … … 3764 3764 </param> 3765 3765 </interface> 3766 <interface name="corecmd_list_bin" lineno="149"> 3766 <interface name="corecmd_dontaudit_search_bin" lineno="146"> 3767 <summary> 3768 Do not audit attempts to search the contents of bin directories. 3769 </summary> 3770 <param name="domain"> 3771 <summary> 3772 Domain allowed access. 3773 </summary> 3774 </param> 3775 </interface> 3776 <interface name="corecmd_list_bin" lineno="164"> 3767 3777 <summary> 3768 3778 List the contents of bin directories. … … 3774 3784 </param> 3775 3785 </interface> 3776 <interface name="corecmd_getattr_bin_files" lineno="167"> 3786 <interface name="corecmd_dontaudit_write_bin_dirs" lineno="182"> 3787 <summary> 3788 Do not auidt attempts to write bin directories. 3789 </summary> 3790 <param name="domain"> 3791 <summary> 3792 Domain allowed access. 3793 </summary> 3794 </param> 3795 </interface> 3796 <interface name="corecmd_getattr_bin_files" lineno="200"> 3777 3797 <summary> 3778 3798 Get the attributes of files in bin directories. … … 3784 3804 </param> 3785 3805 </interface> 3786 <interface name="corecmd_read_bin_files" lineno=" 185">3806 <interface name="corecmd_read_bin_files" lineno="218"> 3787 3807 <summary> 3788 3808 Read files in bin directories. … … 3794 3814 </param> 3795 3815 </interface> 3796 <interface name="corecmd_read_bin_symlinks" lineno="2 03">3816 <interface name="corecmd_read_bin_symlinks" lineno="236"> 3797 3817 <summary> 3798 3818 Read symbolic links in bin directories. … … 3804 3824 </param> 3805 3825 </interface> 3806 <interface name="corecmd_read_bin_pipes" lineno="2 21">3826 <interface name="corecmd_read_bin_pipes" lineno="254"> 3807 3827 <summary> 3808 3828 Read pipes in bin directories. … … 3814 3834 </param> 3815 3835 </interface> 3816 <interface name="corecmd_read_bin_sockets" lineno="2 39">3836 <interface name="corecmd_read_bin_sockets" lineno="272"> 3817 3837 <summary> 3818 3838 Read named sockets in bin directories. … … 3824 3844 </param> 3825 3845 </interface> 3826 <interface name="corecmd_exec_bin" lineno="2 58">3846 <interface name="corecmd_exec_bin" lineno="291"> 3827 3847 <summary> 3828 3848 Execute generic programs in bin directories, … … 3835 3855 </param> 3836 3856 </interface> 3837 <interface name="corecmd_manage_bin_files" lineno=" 278">3857 <interface name="corecmd_manage_bin_files" lineno="311"> 3838 3858 <summary> 3839 3859 Create, read, write, and delete bin files. … … 3845 3865 </param> 3846 3866 </interface> 3847 <interface name="corecmd_relabel_bin_files" lineno=" 296">3867 <interface name="corecmd_relabel_bin_files" lineno="329"> 3848 3868 <summary> 3849 3869 Relabel to and from the bin type. … … 3855 3875 </param> 3856 3876 </interface> 3857 <interface name="corecmd_mmap_bin_files" lineno="3 14">3877 <interface name="corecmd_mmap_bin_files" lineno="347"> 3858 3878 <summary> 3859 3879 Mmap a bin file as executable. … … 3865 3885 </param> 3866 3886 </interface> 3867 <interface name="corecmd_bin_spec_domtrans" lineno="3 59">3887 <interface name="corecmd_bin_spec_domtrans" lineno="392"> 3868 3888 <summary> 3869 3889 Execute a file in a bin directory … … 3901 3921 </param> 3902 3922 </interface> 3903 <interface name="corecmd_bin_domtrans" lineno="4 02">3923 <interface name="corecmd_bin_domtrans" lineno="435"> 3904 3924 <summary> 3905 3925 Execute a file in a bin directory … … 3935 3955 </param> 3936 3956 </interface> 3937 <interface name="corecmd_search_sbin" lineno="4 21">3938 <summary> 3939 Search the contents of sbin directories. 3940 </summary> 3941 <param name="domain"> 3942 <summary> 3943 Domain allowed access. 3944 </summary> 3945 </param> 3946 </interface> 3947 <interface name="corecmd_dontaudit_search_sbin" lineno="4 40">3957 <interface name="corecmd_search_sbin" lineno="454"> 3958 <summary> 3959 Search the contents of sbin directories. (Deprecated) 3960 </summary> 3961 <param name="domain"> 3962 <summary> 3963 Domain allowed access. 3964 </summary> 3965 </param> 3966 </interface> 3967 <interface name="corecmd_dontaudit_search_sbin" lineno="470"> 3948 3968 <summary> 3949 3969 Do not audit attempts to search 3950 sbin directories. 3951 </summary> 3952 <param name="domain"> 3953 <summary> 3954 Domain to not audit. 3955 </summary> 3956 </param> 3957 </interface> 3958 <interface name="corecmd_list_sbin" lineno="458"> 3959 <summary> 3960 List the contents of sbin directories. 3961 </summary> 3962 <param name="domain"> 3963 <summary> 3964 Domain allowed access. 3965 </summary> 3966 </param> 3967 </interface> 3968 <interface name="corecmd_getattr_sbin_files" lineno="476"> 3969 <summary> 3970 Get the attributes of sbin files. 3971 </summary> 3972 <param name="domain"> 3973 <summary> 3974 Domain allowed access. 3975 </summary> 3976 </param> 3977 </interface> 3978 <interface name="corecmd_dontaudit_getattr_sbin_files" lineno="495"> 3970 sbin directories. (Deprecated) 3971 </summary> 3972 <param name="domain"> 3973 <summary> 3974 Domain to not audit. 3975 </summary> 3976 </param> 3977 </interface> 3978 <interface name="corecmd_list_sbin" lineno="485"> 3979 <summary> 3980 List the contents of sbin directories. (Deprecated) 3981 </summary> 3982 <param name="domain"> 3983 <summary> 3984 Domain allowed access. 3985 </summary> 3986 </param> 3987 </interface> 3988 <interface name="corecmd_dontaudit_write_sbin_dirs" lineno="501"> 3989 <summary> 3990 Do not audit attempts to write 3991 sbin directories. (Deprecated) 3992 </summary> 3993 <param name="domain"> 3994 <summary> 3995 Domain to not audit. 3996 </summary> 3997 </param> 3998 </interface> 3999 <interface name="corecmd_getattr_sbin_files" lineno="516"> 4000 <summary> 4001 Get the attributes of sbin files. (Deprecated) 4002 </summary> 4003 <param name="domain"> 4004 <summary> 4005 Domain allowed access. 4006 </summary> 4007 </param> 4008 </interface> 4009 <interface name="corecmd_dontaudit_getattr_sbin_files" lineno="532"> 3979 4010 <summary> 3980 4011 Do not audit attempts to get the attibutes 3981 of sbin files. 3982 </summary> 3983 <param name="domain"> 3984 <summary> 3985 Domain to not audit. 3986 </summary> 3987 </param> 3988 </interface> 3989 <interface name="corecmd_read_sbin_files" lineno="5 13">3990 <summary> 3991 Read files in sbin directories. 3992 </summary> 3993 <param name="domain"> 3994 <summary> 3995 Domain allowed access. 3996 </summary> 3997 </param> 3998 </interface> 3999 <interface name="corecmd_read_sbin_symlinks" lineno="5 31">4000 <summary> 4001 Read symbolic links in sbin directories. 4002 </summary> 4003 <param name="domain"> 4004 <summary> 4005 Domain allowed access. 4006 </summary> 4007 </param> 4008 </interface> 4009 <interface name="corecmd_read_sbin_pipes" lineno="5 49">4010 <summary> 4011 Read named pipes in sbin directories. 4012 </summary> 4013 <param name="domain"> 4014 <summary> 4015 Domain allowed access. 4016 </summary> 4017 </param> 4018 </interface> 4019 <interface name="corecmd_read_sbin_sockets" lineno="5 67">4020 <summary> 4021 Read named sockets in sbin directories. 4022 </summary> 4023 <param name="domain"> 4024 <summary> 4025 Domain allowed access. 4026 </summary> 4027 </param> 4028 </interface> 4029 <interface name="corecmd_exec_sbin" lineno=" 586">4012 of sbin files. (Deprecated) 4013 </summary> 4014 <param name="domain"> 4015 <summary> 4016 Domain to not audit. 4017 </summary> 4018 </param> 4019 </interface> 4020 <interface name="corecmd_read_sbin_files" lineno="547"> 4021 <summary> 4022 Read files in sbin directories. (Deprecated) 4023 </summary> 4024 <param name="domain"> 4025 <summary> 4026 Domain allowed access. 4027 </summary> 4028 </param> 4029 </interface> 4030 <interface name="corecmd_read_sbin_symlinks" lineno="562"> 4031 <summary> 4032 Read symbolic links in sbin directories. (Deprecated) 4033 </summary> 4034 <param name="domain"> 4035 <summary> 4036 Domain allowed access. 4037 </summary> 4038 </param> 4039 </interface> 4040 <interface name="corecmd_read_sbin_pipes" lineno="577"> 4041 <summary> 4042 Read named pipes in sbin directories. (Deprecated) 4043 </summary> 4044 <param name="domain"> 4045 <summary> 4046 Domain allowed access. 4047 </summary> 4048 </param> 4049 </interface> 4050 <interface name="corecmd_read_sbin_sockets" lineno="592"> 4051 <summary> 4052 Read named sockets in sbin directories. (Deprecated) 4053 </summary> 4054 <param name="domain"> 4055 <summary> 4056 Domain allowed access. 4057 </summary> 4058 </param> 4059 </interface> 4060 <interface name="corecmd_exec_sbin" lineno="608"> 4030 4061 <summary> 4031 4062 Execute generic programs in sbin directories, 4032 in the caller domain. 4033 </summary> 4034 <param name="domain"> 4035 <summary> 4036 Domain allowed access. 4037 </summary> 4038 </param> 4039 </interface> 4040 <interface name="corecmd_manage_sbin_files" lineno="6 07">4041 <summary> 4042 Create, read, write, and delete sbin files. 4043 </summary> 4044 <param name="domain"> 4045 <summary> 4046 Domain allowed access. 4047 </summary> 4048 </param> 4049 </interface> 4050 <interface name="corecmd_relabel_sbin_files" lineno="6 26">4051 <summary> 4052 Relabel to and from the sbin type. 4053 </summary> 4054 <param name="domain"> 4055 <summary> 4056 Domain allowed access. 4057 </summary> 4058 </param> 4059 </interface> 4060 <interface name="corecmd_mmap_sbin_files" lineno="6 45">4061 <summary> 4062 Mmap a sbin file as executable. 4063 </summary> 4064 <param name="domain"> 4065 <summary> 4066 Domain allowed access. 4067 </summary> 4068 </param> 4069 </interface> 4070 <interface name="corecmd_sbin_domtrans" lineno="6 88">4063 in the caller domain. (Deprecated) 4064 </summary> 4065 <param name="domain"> 4066 <summary> 4067 Domain allowed access. 4068 </summary> 4069 </param> 4070 </interface> 4071 <interface name="corecmd_manage_sbin_files" lineno="624"> 4072 <summary> 4073 Create, read, write, and delete sbin files. (Deprecated) 4074 </summary> 4075 <param name="domain"> 4076 <summary> 4077 Domain allowed access. 4078 </summary> 4079 </param> 4080 </interface> 4081 <interface name="corecmd_relabel_sbin_files" lineno="640"> 4082 <summary> 4083 Relabel to and from the sbin type. (Deprecated) 4084 </summary> 4085 <param name="domain"> 4086 <summary> 4087 Domain allowed access. 4088 </summary> 4089 </param> 4090 </interface> 4091 <interface name="corecmd_mmap_sbin_files" lineno="656"> 4092 <summary> 4093 Mmap a sbin file as executable. (Deprecated) 4094 </summary> 4095 <param name="domain"> 4096 <summary> 4097 Domain allowed access. 4098 </summary> 4099 </param> 4100 </interface> 4101 <interface name="corecmd_sbin_domtrans" lineno="695"> 4071 4102 <summary> 4072 4103 Execute a file in a sbin directory 4073 in the specified domain. 4104 in the specified domain. (Deprecated) 4074 4105 </summary> 4075 4106 <desc> … … 4079 4110 the specified domain to execute any file 4080 4111 on these filesystems in the specified 4081 domain. This is not suggested. 4112 domain. This is not suggested. (Deprecated) 4082 4113 </p> 4083 4114 <p> … … 4102 4133 </param> 4103 4134 </interface> 4104 <interface name="corecmd_sbin_spec_domtrans" lineno="73 3">4135 <interface name="corecmd_sbin_spec_domtrans" lineno="736"> 4105 4136 <summary> 4106 4137 Execute a file in a sbin directory 4107 4138 in the specified domain but do not 4108 4139 do it automatically. This is an explicit 4109 transition, requiring the caller to use setexeccon(). 4140 transition, requiring the caller to use setexeccon(). (Deprecated) 4110 4141 </summary> 4111 4142 <desc> … … 4115 4146 the specified domain to execute any file 4116 4147 on these filesystems in the specified 4117 domain. This is not suggested. 4148 domain. This is not suggested. (Deprecated) 4118 4149 </p> 4119 4150 <p> … … 4138 4169 </param> 4139 4170 </interface> 4140 <interface name="corecmd_check_exec_shell" lineno="75 2">4171 <interface name="corecmd_check_exec_shell" lineno="751"> 4141 4172 <summary> 4142 4173 Check if a shell is executable (DAC-wise). … … 4148 4179 </param> 4149 4180 </interface> 4150 <interface name="corecmd_exec_shell" lineno="77 2">4181 <interface name="corecmd_exec_shell" lineno="771"> 4151 4182 <summary> 4152 4183 Execute a shell in the caller domain. … … 4158 4189 </param> 4159 4190 </interface> 4160 <interface name="corecmd_exec_ls" lineno="79 2">4161 <summary> 4162 Execute ls in the caller domain. 4163 </summary> 4164 <param name="domain"> 4165 <summary> 4166 Domain allowed access. 4167 </summary> 4168 </param> 4169 </interface> 4170 <interface name="corecmd_shell_spec_domtrans" lineno="8 31">4191 <interface name="corecmd_exec_ls" lineno="791"> 4192 <summary> 4193 Execute ls in the caller domain. (Deprecated) 4194 </summary> 4195 <param name="domain"> 4196 <summary> 4197 Domain allowed access. 4198 </summary> 4199 </param> 4200 </interface> 4201 <interface name="corecmd_shell_spec_domtrans" lineno="825"> 4171 4202 <summary> 4172 4203 Execute a shell in the target domain. This … … 4197 4228 </param> 4198 4229 </interface> 4199 <interface name="corecmd_shell_domtrans" lineno="86 6">4230 <interface name="corecmd_shell_domtrans" lineno="860"> 4200 4231 <summary> 4201 4232 Execute a shell in the specified domain. … … 4222 4253 </param> 4223 4254 </interface> 4224 <interface name="corecmd_exec_chroot" lineno="8 85">4255 <interface name="corecmd_exec_chroot" lineno="879"> 4225 4256 <summary> 4226 4257 Execute chroot in the caller domain. … … 4232 4263 </param> 4233 4264 </interface> 4234 <interface name="corecmd_exec_all_executables" lineno="906"> 4265 <interface name="corecmd_getattr_all_executables" lineno="900"> 4266 <summary> 4267 Get the attributes of all executable files. 4268 </summary> 4269 <param name="domain"> 4270 <summary> 4271 Domain allowed access. 4272 </summary> 4273 </param> 4274 <rolecap/> 4275 </interface> 4276 <interface name="corecmd_exec_all_executables" lineno="921"> 4235 4277 <summary> 4236 4278 Execute all executable files. … … 4243 4285 <rolecap/> 4244 4286 </interface> 4245 <interface name="corecmd_manage_all_executables" lineno="9 28">4287 <interface name="corecmd_manage_all_executables" lineno="943"> 4246 4288 <summary> 4247 4289 Create, read, write, and all executable files. … … 4254 4296 <rolecap/> 4255 4297 </interface> 4256 <interface name="corecmd_relabel_all_executables" lineno="9 49">4298 <interface name="corecmd_relabel_all_executables" lineno="964"> 4257 4299 <summary> 4258 4300 Relabel to and from the bin type. … … 4265 4307 <rolecap/> 4266 4308 </interface> 4267 <interface name="corecmd_mmap_all_executables" lineno="9 67">4309 <interface name="corecmd_mmap_all_executables" lineno="983"> 4268 4310 <summary> 4269 4311 Mmap all executables as executable. … … 43038 43080 </param> 43039 43081 </interface> 43040 < template name="clockspeed_run_cli" lineno="42">43082 <interface name="clockspeed_run_cli" lineno="42"> 43041 43083 <summary> 43042 43084 Allow the specified role the clockspeed_cli domain. … … 43058 43100 </param> 43059 43101 <rolecap/> 43060 </ template>43102 </interface> 43061 43103 </module> 43062 43104 <module name="comsat" filename="policy/modules/services/comsat.if"> … … 54027 54069 </param> 54028 54070 </template> 54029 <template name="userdom_security_admin_template" lineno="12 85">54071 <template name="userdom_security_admin_template" lineno="1269"> 54030 54072 <summary> 54031 54073 Allow user to run as a secadm … … 54064 54106 </param> 54065 54107 </template> 54066 <template name="userdom_role_change_generic_user" lineno="13 71">54108 <template name="userdom_role_change_generic_user" lineno="1355"> 54067 54109 <summary> 54068 54110 Change to the generic user role. … … 54086 54128 <rolecap/> 54087 54129 </template> 54088 <template name="userdom_role_change_from_generic_user" lineno="1 402">54130 <template name="userdom_role_change_from_generic_user" lineno="1386"> 54089 54131 <summary> 54090 54132 Change from the generic user role. … … 54109 54151 <rolecap/> 54110 54152 </template> 54111 <template name="userdom_role_change_staff" lineno="14 32">54153 <template name="userdom_role_change_staff" lineno="1416"> 54112 54154 <summary> 54113 54155 Change to the staff user role. … … 54131 54173 <rolecap/> 54132 54174 </template> 54133 <template name="userdom_role_change_from_staff" lineno="14 63">54175 <template name="userdom_role_change_from_staff" lineno="1447"> 54134 54176 <summary> 54135 54177 Change from the staff user role. … … 54154 54196 <rolecap/> 54155 54197 </template> 54156 <template name="userdom_role_change_sysadm" lineno="14 93">54198 <template name="userdom_role_change_sysadm" lineno="1477"> 54157 54199 <summary> 54158 54200 Change to the sysadm user role. … … 54176 54218 <rolecap/> 54177 54219 </template> 54178 <template name="userdom_role_change_from_sysadm" lineno="15 24">54220 <template name="userdom_role_change_from_sysadm" lineno="1508"> 54179 54221 <summary> 54180 54222 Change from the sysadm user role. … … 54199 54241 <rolecap/> 54200 54242 </template> 54201 <template name="userdom_role_change_secadm" lineno="15 54">54243 <template name="userdom_role_change_secadm" lineno="1538"> 54202 54244 <summary> 54203 54245 Change to the secadm user role. … … 54221 54263 <rolecap/> 54222 54264 </template> 54223 <template name="userdom_role_change_from_secadm" lineno="15 85">54265 <template name="userdom_role_change_from_secadm" lineno="1569"> 54224 54266 <summary> 54225 54267 Change from the secadm user role. … … 54244 54286 <rolecap/> 54245 54287 </template> 54246 <template name="userdom_role_change_auditadm" lineno="1 615">54288 <template name="userdom_role_change_auditadm" lineno="1599"> 54247 54289 <summary> 54248 54290 Change to the auditadm user role. … … 54266 54308 <rolecap/> 54267 54309 </template> 54268 <template name="userdom_role_change_from_auditadm" lineno="16 46">54310 <template name="userdom_role_change_from_auditadm" lineno="1630"> 54269 54311 <summary> 54270 54312 Change from the auditadm user role. … … 54289 54331 <rolecap/> 54290 54332 </template> 54291 <template name="userdom_user_home_content" lineno="16 82">54333 <template name="userdom_user_home_content" lineno="1666"> 54292 54334 <summary> 54293 54335 Make the specified type usable in a … … 54317 54359 </param> 54318 54360 </template> 54319 <template name="userdom_setattr_user_ptys" lineno="17 16">54361 <template name="userdom_setattr_user_ptys" lineno="1700"> 54320 54362 <summary> 54321 54363 Set the attributes of a user pty. … … 54342 54384 </param> 54343 54385 </template> 54344 <template name="userdom_create_user_pty" lineno="17 51">54386 <template name="userdom_create_user_pty" lineno="1735"> 54345 54387 <summary> 54346 54388 Create a user pty. … … 54367 54409 </param> 54368 54410 </template> 54369 <template name="userdom_search_user_home_dirs" lineno="17 86">54411 <template name="userdom_search_user_home_dirs" lineno="1770"> 54370 54412 <summary> 54371 54413 Search user home directories. … … 54392 54434 </param> 54393 54435 </template> 54394 <template name="userdom_list_user_home_dirs" lineno="18 20">54436 <template name="userdom_list_user_home_dirs" lineno="1804"> 54395 54437 <summary> 54396 54438 List user home directories. … … 54417 54459 </param> 54418 54460 </template> 54419 <template name="userdom_user_home_domtrans" lineno="18 68">54461 <template name="userdom_user_home_domtrans" lineno="1852"> 54420 54462 <summary> 54421 54463 Do a domain transition to the specified … … 54456 54498 </param> 54457 54499 </template> 54458 <template name="userdom_dontaudit_list_user_home_dirs" lineno="1 903">54500 <template name="userdom_dontaudit_list_user_home_dirs" lineno="1887"> 54459 54501 <summary> 54460 54502 Do not audit attempts to list user home subdirectories. … … 54481 54523 </param> 54482 54524 </template> 54483 <template name="userdom_manage_user_home_content_dirs" lineno="19 38">54525 <template name="userdom_manage_user_home_content_dirs" lineno="1922"> 54484 54526 <summary> 54485 54527 Create, read, write, and delete directories … … 54508 54550 </param> 54509 54551 </template> 54510 <template name="userdom_dontaudit_setattr_user_home_content_files" lineno="19 74">54552 <template name="userdom_dontaudit_setattr_user_home_content_files" lineno="1958"> 54511 54553 <summary> 54512 54554 Do not audit attempts to set the … … 54535 54577 </param> 54536 54578 </template> 54537 <template name="userdom_read_user_home_content_files" lineno=" 2007">54579 <template name="userdom_read_user_home_content_files" lineno="1991"> 54538 54580 <summary> 54539 54581 Read user home files. … … 54560 54602 </param> 54561 54603 </template> 54562 <template name="userdom_dontaudit_read_user_home_content_files" lineno="20 41">54604 <template name="userdom_dontaudit_read_user_home_content_files" lineno="2025"> 54563 54605 <summary> 54564 54606 Do not audit attempts to read user home files. … … 54585 54627 </param> 54586 54628 </template> 54587 <template name="userdom_dontaudit_write_user_home_content_files" lineno="20 75">54629 <template name="userdom_dontaudit_write_user_home_content_files" lineno="2059"> 54588 54630 <summary> 54589 54631 Do not audit attempts to write user home files. … … 54610 54652 </param> 54611 54653 </template> 54612 <template name="userdom_read_user_home_content_symlinks" lineno="2 108">54654 <template name="userdom_read_user_home_content_symlinks" lineno="2092"> 54613 54655 <summary> 54614 54656 Read user home subdirectory symbolic links. … … 54635 54677 </param> 54636 54678 </template> 54637 <template name="userdom_exec_user_home_content_files" lineno="21 42">54679 <template name="userdom_exec_user_home_content_files" lineno="2126"> 54638 54680 <summary> 54639 54681 Execute user home files. … … 54660 54702 </param> 54661 54703 </template> 54662 <template name="userdom_dontaudit_exec_user_home_content_files" lineno="21 76">54704 <template name="userdom_dontaudit_exec_user_home_content_files" lineno="2160"> 54663 54705 <summary> 54664 54706 Do not audit attempts to execute user home files. … … 54685 54727 </param> 54686 54728 </template> 54687 <template name="userdom_manage_user_home_content_files" lineno="2 211">54729 <template name="userdom_manage_user_home_content_files" lineno="2195"> 54688 54730 <summary> 54689 54731 Create, read, write, and delete files … … 54712 54754 </param> 54713 54755 </template> 54714 <template name="userdom_dontaudit_manage_user_home_content_dirs" lineno="22 48">54756 <template name="userdom_dontaudit_manage_user_home_content_dirs" lineno="2232"> 54715 54757 <summary> 54716 54758 Do not audit attempts to create, read, write, and delete directories … … 54739 54781 </param> 54740 54782 </template> 54741 <template name="userdom_manage_user_home_content_symlinks" lineno="22 83">54783 <template name="userdom_manage_user_home_content_symlinks" lineno="2267"> 54742 54784 <summary> 54743 54785 Create, read, write, and delete symbolic links … … 54766 54808 </param> 54767 54809 </template> 54768 <template name="userdom_manage_user_home_content_pipes" lineno="23 20">54810 <template name="userdom_manage_user_home_content_pipes" lineno="2304"> 54769 54811 <summary> 54770 54812 Create, read, write, and delete named pipes … … 54793 54835 </param> 54794 54836 </template> 54795 <template name="userdom_manage_user_home_content_sockets" lineno="23 57">54837 <template name="userdom_manage_user_home_content_sockets" lineno="2341"> 54796 54838 <summary> 54797 54839 Create, read, write, and delete named sockets … … 54820 54862 </param> 54821 54863 </template> 54822 <template name="userdom_user_home_dir_filetrans" lineno="2 407">54864 <template name="userdom_user_home_dir_filetrans" lineno="2391"> 54823 54865 <summary> 54824 54866 Create objects in a user home directory … … 54860 54902 </param> 54861 54903 </template> 54862 <template name="userdom_user_home_content_filetrans" lineno="24 56">54904 <template name="userdom_user_home_content_filetrans" lineno="2440"> 54863 54905 <summary> 54864 54906 Create objects in a user home directory … … 54900 54942 </param> 54901 54943 </template> 54902 <template name="userdom_user_home_dir_filetrans_user_home_content" lineno="2 500">54944 <template name="userdom_user_home_dir_filetrans_user_home_content" lineno="2484"> 54903 54945 <summary> 54904 54946 Create objects in a user home directory … … 54935 54977 </param> 54936 54978 </template> 54937 <template name="userdom_write_user_tmp_sockets" lineno="25 34">54979 <template name="userdom_write_user_tmp_sockets" lineno="2518"> 54938 54980 <summary> 54939 54981 Write to user temporary named sockets. … … 54960 55002 </param> 54961 55003 </template> 54962 <template name="userdom_list_user_tmp" lineno="25 68">55004 <template name="userdom_list_user_tmp" lineno="2552"> 54963 55005 <summary> 54964 55006 List user temporary directories. … … 54985 55027 </param> 54986 55028 </template> 54987 <template name="userdom_dontaudit_list_user_tmp" lineno="2 604">55029 <template name="userdom_dontaudit_list_user_tmp" lineno="2588"> 54988 55030 <summary> 54989 55031 Do not audit attempts to list user … … 55012 55054 </param> 55013 55055 </template> 55014 <template name="userdom_dontaudit_manage_user_tmp_dirs" lineno="26 39">55056 <template name="userdom_dontaudit_manage_user_tmp_dirs" lineno="2623"> 55015 55057 <summary> 55016 55058 Do not audit attempts to manage users … … 55039 55081 </param> 55040 55082 </template> 55041 <template name="userdom_read_user_tmp_files" lineno="26 72">55083 <template name="userdom_read_user_tmp_files" lineno="2656"> 55042 55084 <summary> 55043 55085 Read user temporary files. … … 55064 55106 </param> 55065 55107 </template> 55066 <template name="userdom_dontaudit_read_user_tmp_files" lineno="2 709">55108 <template name="userdom_dontaudit_read_user_tmp_files" lineno="2693"> 55067 55109 <summary> 55068 55110 Do not audit attempts to read users … … 55091 55133 </param> 55092 55134 </template> 55093 <template name="userdom_dontaudit_append_user_tmp_files" lineno="27 44">55135 <template name="userdom_dontaudit_append_user_tmp_files" lineno="2728"> 55094 55136 <summary> 55095 55137 Do not audit attempts to append users … … 55118 55160 </param> 55119 55161 </template> 55120 <template name="userdom_rw_user_tmp_files" lineno="27 77">55162 <template name="userdom_rw_user_tmp_files" lineno="2761"> 55121 55163 <summary> 55122 55164 Read and write user temporary files. … … 55143 55185 </param> 55144 55186 </template> 55145 <template name="userdom_dontaudit_manage_user_tmp_files" lineno="2 814">55187 <template name="userdom_dontaudit_manage_user_tmp_files" lineno="2798"> 55146 55188 <summary> 55147 55189 Do not audit attempts to manage users … … 55170 55212 </param> 55171 55213 </template> 55172 <template name="userdom_read_user_tmp_symlinks" lineno="28 49">55214 <template name="userdom_read_user_tmp_symlinks" lineno="2833"> 55173 55215 <summary> 55174 55216 Read user … … 55197 55239 </param> 55198 55240 </template> 55199 <template name="userdom_manage_user_tmp_dirs" lineno="28 86">55241 <template name="userdom_manage_user_tmp_dirs" lineno="2870"> 55200 55242 <summary> 55201 55243 Create, read, write, and delete user … … 55224 55266 </param> 55225 55267 </template> 55226 <template name="userdom_manage_user_tmp_files" lineno="29 22">55268 <template name="userdom_manage_user_tmp_files" lineno="2906"> 55227 55269 <summary> 55228 55270 Create, read, write, and delete user … … 55251 55293 </param> 55252 55294 </template> 55253 <template name="userdom_manage_user_tmp_symlinks" lineno="29 58">55295 <template name="userdom_manage_user_tmp_symlinks" lineno="2942"> 55254 55296 <summary> 55255 55297 Create, read, write, and delete user … … 55278 55320 </param> 55279 55321 </template> 55280 <template name="userdom_manage_user_tmp_pipes" lineno="29 94">55322 <template name="userdom_manage_user_tmp_pipes" lineno="2978"> 55281 55323 <summary> 55282 55324 Create, read, write, and delete user … … 55305 55347 </param> 55306 55348 </template> 55307 <template name="userdom_manage_user_tmp_sockets" lineno="30 30">55349 <template name="userdom_manage_user_tmp_sockets" lineno="3014"> 55308 55350 <summary> 55309 55351 Create, read, write, and delete user … … 55332 55374 </param> 55333 55375 </template> 55334 <template name="userdom_user_tmp_filetrans" lineno="30 79">55376 <template name="userdom_user_tmp_filetrans" lineno="3063"> 55335 55377 <summary> 55336 55378 Create objects in a user temporary directory … … 55372 55414 </param> 55373 55415 </template> 55374 <template name="userdom_tmp_filetrans_user_tmp" lineno="31 23">55416 <template name="userdom_tmp_filetrans_user_tmp" lineno="3107"> 55375 55417 <summary> 55376 55418 Create objects in the temporary directory … … 55407 55449 </param> 55408 55450 </template> 55409 <template name="userdom_rw_user_tmpfs_files" lineno="31 56">55451 <template name="userdom_rw_user_tmpfs_files" lineno="3140"> 55410 55452 <summary> 55411 55453 Read user tmpfs files. … … 55432 55474 </param> 55433 55475 </template> 55434 <template name="userdom_list_user_untrusted_content" lineno="31 92">55476 <template name="userdom_list_user_untrusted_content" lineno="3176"> 55435 55477 <summary> 55436 55478 List users untrusted directories. … … 55457 55499 </param> 55458 55500 </template> 55459 <template name="userdom_dontaudit_list_user_untrusted_content" lineno="32 27">55501 <template name="userdom_dontaudit_list_user_untrusted_content" lineno="3211"> 55460 55502 <summary> 55461 55503 Do not audit attempts to list user … … 55484 55526 </param> 55485 55527 </template> 55486 <template name="userdom_read_user_untrusted_content_files" lineno="32 60">55528 <template name="userdom_read_user_untrusted_content_files" lineno="3244"> 55487 55529 <summary> 55488 55530 Read user untrusted files. … … 55509 55551 </param> 55510 55552 </template> 55511 <template name="userdom_manage_user_untrusted_content_files" lineno="32 94">55553 <template name="userdom_manage_user_untrusted_content_files" lineno="3278"> 55512 55554 <summary> 55513 55555 Manage user untrusted files. … … 55534 55576 </param> 55535 55577 </template> 55536 <template name="userdom_manage_user_untrusted_content_tmp_files" lineno="33 27">55578 <template name="userdom_manage_user_untrusted_content_tmp_files" lineno="3311"> 55537 55579 <summary> 55538 55580 Manage user untrusted tmp files. … … 55559 55601 </param> 55560 55602 </template> 55561 <template name="userdom_dontaudit_read_user_untrusted_content_files" lineno="33 62">55603 <template name="userdom_dontaudit_read_user_untrusted_content_files" lineno="3346"> 55562 55604 <summary> 55563 55605 Do not audit attempts to read users … … 55586 55628 </param> 55587 55629 </template> 55588 <template name="userdom_read_user_untrusted_content_symlinks" lineno="33 95">55630 <template name="userdom_read_user_untrusted_content_symlinks" lineno="3379"> 55589 55631 <summary> 55590 55632 Read user untrusted symbolic links. … … 55611 55653 </param> 55612 55654 </template> 55613 <template name="userdom_list_user_tmp_untrusted_content" lineno="34 29">55655 <template name="userdom_list_user_tmp_untrusted_content" lineno="3413"> 55614 55656 <summary> 55615 55657 List users temporary untrusted directories. … … 55636 55678 </param> 55637 55679 </template> 55638 <template name="userdom_dontaudit_list_user_tmp_untrusted_content" lineno="34 64">55680 <template name="userdom_dontaudit_list_user_tmp_untrusted_content" lineno="3448"> 55639 55681 <summary> 55640 55682 Do not audit attempts to list user … … 55663 55705 </param> 55664 55706 </template> 55665 <template name="userdom_read_user_tmp_untrusted_content_files" lineno="34 97">55707 <template name="userdom_read_user_tmp_untrusted_content_files" lineno="3481"> 55666 55708 <summary> 55667 55709 Read user temporary untrusted files. … … 55688 55730 </param> 55689 55731 </template> 55690 <template name="userdom_dontaudit_read_user_tmp_untrusted_content_files" lineno="35 33">55732 <template name="userdom_dontaudit_read_user_tmp_untrusted_content_files" lineno="3517"> 55691 55733 <summary> 55692 55734 Do not audit attempts to read users … … 55715 55757 </param> 55716 55758 </template> 55717 <template name="userdom_read_user_tmp_untrusted_content_symlinks" lineno="35 66">55759 <template name="userdom_read_user_tmp_untrusted_content_symlinks" lineno="3550"> 55718 55760 <summary> 55719 55761 Read user temporary untrusted symbolic links. … … 55740 55782 </param> 55741 55783 </template> 55742 <interface name="userdom_read_all_untrusted_content" lineno="35 85">55784 <interface name="userdom_read_all_untrusted_content" lineno="3569"> 55743 55785 <summary> 55744 55786 Read all user untrusted content files. … … 55750 55792 </param> 55751 55793 </interface> 55752 <interface name="userdom_read_all_tmp_untrusted_content" lineno="3 605">55794 <interface name="userdom_read_all_tmp_untrusted_content" lineno="3589"> 55753 55795 <summary> 55754 55796 Read all user temporary untrusted content files. … … 55760 55802 </param> 55761 55803 </interface> 55762 <template name="userdom_setattr_user_ttys" lineno="36 40">55804 <template name="userdom_setattr_user_ttys" lineno="3624"> 55763 55805 <summary> 55764 55806 Set the attributes of a user domain tty. … … 55785 55827 </param> 55786 55828 </template> 55787 <template name="userdom_use_user_ttys" lineno="36 77">55829 <template name="userdom_use_user_ttys" lineno="3661"> 55788 55830 <summary> 55789 55831 Read and write a user domain tty. … … 55810 55852 </param> 55811 55853 </template> 55812 <template name="userdom_use_user_terminals" lineno="3 714">55854 <template name="userdom_use_user_terminals" lineno="3698"> 55813 55855 <summary> 55814 55856 Read and write a user domain tty and pty. … … 55835 55877 </param> 55836 55878 </template> 55837 <template name="userdom_dontaudit_use_user_terminals" lineno="37 56">55879 <template name="userdom_dontaudit_use_user_terminals" lineno="3740"> 55838 55880 <summary> 55839 55881 Do not audit attempts to read and write … … 55862 55904 </param> 55863 55905 </template> 55864 <interface name="userdom_spec_domtrans_all_users" lineno="37 77">55906 <interface name="userdom_spec_domtrans_all_users" lineno="3761"> 55865 55907 <summary> 55866 55908 Execute a shell in all user domains. This … … 55874 55916 </param> 55875 55917 </interface> 55876 <interface name="userdom_xsession_spec_domtrans_all_users" lineno="3 800">55918 <interface name="userdom_xsession_spec_domtrans_all_users" lineno="3784"> 55877 55919 <summary> 55878 55920 Execute an Xserver session in all unprivileged user domains. This … … 55886 55928 </param> 55887 55929 </interface> 55888 <interface name="userdom_spec_domtrans_unpriv_users" lineno="38 23">55930 <interface name="userdom_spec_domtrans_unpriv_users" lineno="3807"> 55889 55931 <summary> 55890 55932 Execute a shell in all unprivileged user domains. This … … 55898 55940 </param> 55899 55941 </interface> 55900 <interface name="userdom_xsession_spec_domtrans_unpriv_users" lineno="38 46">55942 <interface name="userdom_xsession_spec_domtrans_unpriv_users" lineno="3830"> 55901 55943 <summary> 55902 55944 Execute an Xserver session in all unprivileged user domains. This … … 55910 55952