X Windows Server
Create a named socket in a XDM temporary directory.
Parameter: | Description: | Optional: |
---|---|---|
domain |
Domain allowed access. | No |
Do not audit attempts to write the X server log files.
Parameter: | Description: | Optional: |
---|---|---|
domain |
Domain to not audit | No |
Execute the X server in the XDM X server domain.
Parameter: | Description: | Optional: |
---|---|---|
domain |
Domain allowed access. | No |
dontaudit getattr xdm temporary files.
Parameter: | Description: | Optional: |
---|---|---|
domain |
Domain to not audit | No |
dontaudit getattr xdm temporary files.
Parameter: | Description: | Optional: |
---|---|---|
domain |
Domain to not audit | No |
Do not audit attempts to read and write xdm_xserver unix domain stream sockets.
Parameter: | Description: | Optional: |
---|---|---|
domain |
Domain allowed access. | No |
dontaudit Read and write XDM unnamed pipes.
Parameter: | Description: | Optional: |
---|---|---|
domain |
Domain allowed access. | No |
Do not audit attempts to read and write to a XDM X server socket.
Parameter: | Description: | Optional: |
---|---|---|
domain |
Domain to not audit | No |
dontaudit use file descriptors for xdm.
Parameter: | Description: | Optional: |
---|---|---|
domain |
Domain allowed access. | No |
Do not audit attempts to write the X server log files.
Parameter: | Description: | Optional: |
---|---|---|
domain |
Domain to not audit | No |
Get the attributes of X server logs.
Parameter: | Description: | Optional: |
---|---|---|
domain |
Domain allowed access. | No |
Get the attributes of xauth executable
Parameter: | Description: | Optional: |
---|---|---|
domain |
Domain allowed access. | No |
Kill XDM X servers
Parameter: | Description: | Optional: |
---|---|---|
domain |
Domain to not audit | No |
manage xdm temporary files.
Parameter: | Description: | Optional: |
---|---|---|
domain |
Domain to not audit | No |
Read XDM var lib files.
Parameter: | Description: | Optional: |
---|---|---|
domain |
Domain allowed access. | No |
Read XDM pid files.
Parameter: | Description: | Optional: |
---|---|---|
domain |
Domain allowed access. | No |
Read xdm-writable configuration files.
Parameter: | Description: | Optional: |
---|---|---|
domain |
Domain allowed access. | No |
Read xdm temporary files.
Parameter: | Description: | Optional: |
---|---|---|
domain |
Domain to not audit | No |
Read xdm temporary files.
Parameter: | Description: | Optional: |
---|---|---|
domain |
Domain to not audit | No |
Read X keyboard extension libraries.
Parameter: | Description: | Optional: |
---|---|---|
domain |
Domain to not audit | No |
Read and write the X windows console named pipe.
Parameter: | Description: | Optional: |
---|---|---|
domain |
Domain allowed access. | No |
Read and write XDM unnamed pipes.
Parameter: | Description: | Optional: |
---|---|---|
domain |
The type of the process performing this action. | No |
Read write xdm temporary files.
Parameter: | Description: | Optional: |
---|---|---|
domain |
Domain to not audit | No |
Set the attributes of the X windows console named pipes.
Parameter: | Description: | Optional: |
---|---|---|
domain |
Domain allowed access. | No |
Set the attributes of XDM temporary directories.
Parameter: | Description: | Optional: |
---|---|---|
domain |
Domain allowed access. | No |
Signal XDM X servers
Parameter: | Description: | Optional: |
---|---|---|
domain |
Domain to not audit | No |
Connect to XDM over a unix domain stream socket.
Parameter: | Description: | Optional: |
---|---|---|
domain |
Domain allowed access. | No |
Connect to xdm_xserver over a unix domain stream socket.
Parameter: | Description: | Optional: |
---|---|---|
domain |
Domain allowed access. | No |
Read all users fonts, user font configurations, and manage all users font caches.
Parameter: | Description: | Optional: |
---|---|---|
domain |
Domain allowed access. | No |
Use file descriptors for xdm.
Parameter: | Description: | Optional: |
---|---|---|
domain |
Domain allowed access. | No |
Make an X session script an entrypoint for the specified domain.
Parameter: | Description: | Optional: |
---|---|---|
domain |
The domain for which the shell is an entrypoint. | No |
Execute an X session in the target domain. This is an explicit transition, requiring the caller to use setexeccon().
Execute an Xsession in the target domain. This is an explicit transition, requiring the caller to use setexeccon().
No interprocess communication (signals, pipes, etc.) is provided by this interface since the domains are not owned by this module.
Parameter: | Description: | Optional: |
---|---|---|
domain |
Domain allowed access. | No |
target_domain |
The type of the shell process. | No |
Template to create types and rules common to all X server domains.
Parameter: | Description: | Optional: |
---|---|---|
prefix |
The prefix of the domain (e.g., user is the prefix for user_t). | No |
Transition to a user Xauthority domain.
Transition to a user Xauthority domain.
This is a templated interface, and should only be called from a per-userdomain template.
Parameter: | Description: | Optional: |
---|---|---|
userdomain_prefix |
The prefix of the user domain (e.g., user is the prefix for user_t). | No |
domain |
Domain allowed access. | No |
Transition to a user Xauthority domain.
Transition to a user Xauthority domain.
This is a templated interface, and should only be called from a per-userdomain template.
Parameter: | Description: | Optional: |
---|---|---|
userdomain_prefix |
The prefix of the user domain (e.g., user is the prefix for user_t). | No |
domain |
Domain allowed access. | No |
The per role template for the xserver module.
Define a derived domain for the X server when executed by a user domain (e.g. via startx). See the xdm module if using an X Display Manager.
This is invoked automatically for each user and generally does not need to be invoked directly by policy writers.
Parameter: | Description: | Optional: |
---|---|---|
prefix |
The prefix of the user domain (e.g., user is the prefix for user_t). | No |
user_domain |
The type of the user domain. | No |
user_role |
The role associated with the user domain. | No |
Template for creating sessions on a prefix X server, with read-only access to the X server shared memory segments.
Parameter: | Description: | Optional: |
---|---|---|
prefix |
The prefix of the domain (e.g., user is the prefix for user_t). | No |
domain |
Domain allowed access. | No |
tmpfs_type |
The type of the domain SYSV tmpfs files. | No |
Template for creating sessions on a prefix X server, with read and write access to the X server shared memory segments.
Parameter: | Description: | Optional: |
---|---|---|
prefix |
The prefix of the domain (e.g., user is the prefix for user_t). | No |
domain |
Domain allowed access. | No |
tmpfs_type |
The type of the domain SYSV tmpfs files. | No |
Read user fonts, user font configuration, and manage the user font cache.
Read user fonts, user font configuration, and manage the user font cache.
This is a templated interface, and should only be called from a per-userdomain template.
Parameter: | Description: | Optional: |
---|---|---|
userdomain_prefix |
The prefix of the user domain (e.g., user is the prefix for user_t). | No |
domain |
Domain allowed access. | No |
Template for creating full client sessions on a user X server.
Parameter: | Description: | Optional: |
---|---|---|
prefix |
The prefix of the domain (e.g., user is the prefix for user_t). | No |
domain |
Domain allowed access. | No |
tmpfs_type |
The type of the domain SYSV tmpfs files. | No |