Layer: services

Module: xserver

Interfaces Templates

Description:

X Windows Server

Interfaces:

xserver_create_xdm_tmp_sockets( domain )
Summary

Create a named socket in a XDM temporary directory.

Parameters
Parameter:Description:Optional:
domain

Domain allowed access.

No
xserver_delete_log( domain )
Summary

Do not audit attempts to write the X server log files.

Parameters
Parameter:Description:Optional:
domain

Domain to not audit

No
xserver_domtrans_xdm_xserver( domain )
Summary

Execute the X server in the XDM X server domain.

Parameters
Parameter:Description:Optional:
domain

Domain allowed access.

No
xserver_dontaudit_getattr_tmp_sock( domain )
Summary

dontaudit getattr xdm temporary files.

Parameters
Parameter:Description:Optional:
domain

Domain to not audit

No
xserver_dontaudit_read_xdm_tmp_files( domain )
Summary

dontaudit getattr xdm temporary files.

Parameters
Parameter:Description:Optional:
domain

Domain to not audit

No
xserver_dontaudit_rw_stream_xdm_sockets( domain )
Summary

Do not audit attempts to read and write xdm_xserver unix domain stream sockets.

Parameters
Parameter:Description:Optional:
domain

Domain allowed access.

No
xserver_dontaudit_rw_xdm_pipes( domain )
Summary

dontaudit Read and write XDM unnamed pipes.

Parameters
Parameter:Description:Optional:
domain

Domain allowed access.

No
xserver_dontaudit_rw_xdm_xserver_tcp_sockets( domain )
Summary

Do not audit attempts to read and write to a XDM X server socket.

Parameters
Parameter:Description:Optional:
domain

Domain to not audit

No
xserver_dontaudit_use_xdm_fds( domain )
Summary

dontaudit use file descriptors for xdm.

Parameters
Parameter:Description:Optional:
domain

Domain allowed access.

No
xserver_dontaudit_write_log( domain )
Summary

Do not audit attempts to write the X server log files.

Parameters
Parameter:Description:Optional:
domain

Domain to not audit

No
xserver_getattr_log( domain )
Summary

Get the attributes of X server logs.

Parameters
Parameter:Description:Optional:
domain

Domain allowed access.

No
xserver_getattr_xauth( domain )
Summary

Get the attributes of xauth executable

Parameters
Parameter:Description:Optional:
domain

Domain allowed access.

No
xserver_kill_xdm_xserver( domain )
Summary

Kill XDM X servers

Parameters
Parameter:Description:Optional:
domain

Domain to not audit

No
xserver_manage_xdm_tmp_files( domain )
Summary

manage xdm temporary files.

Parameters
Parameter:Description:Optional:
domain

Domain to not audit

No
xserver_read_xdm_lib_files( domain )
Summary

Read XDM var lib files.

Parameters
Parameter:Description:Optional:
domain

Domain allowed access.

No
xserver_read_xdm_pid( domain )
Summary

Read XDM pid files.

Parameters
Parameter:Description:Optional:
domain

Domain allowed access.

No
xserver_read_xdm_rw_config( domain )
Summary

Read xdm-writable configuration files.

Parameters
Parameter:Description:Optional:
domain

Domain allowed access.

No
xserver_read_xdm_tmp_files( domain )
Summary

Read xdm temporary files.

Parameters
Parameter:Description:Optional:
domain

Domain to not audit

No
xserver_read_xdm_xserver_tmp_files( domain )
Summary

Read xdm temporary files.

Parameters
Parameter:Description:Optional:
domain

Domain to not audit

No
xserver_read_xkb_libs( domain )
Summary

Read X keyboard extension libraries.

Parameters
Parameter:Description:Optional:
domain

Domain to not audit

No
xserver_rw_console( domain )
Summary

Read and write the X windows console named pipe.

Parameters
Parameter:Description:Optional:
domain

Domain allowed access.

No
xserver_rw_xdm_pipes( domain )
Summary

Read and write XDM unnamed pipes.

Parameters
Parameter:Description:Optional:
domain

The type of the process performing this action.

No
xserver_rw_xdm_tmp_files( domain )
Summary

Read write xdm temporary files.

Parameters
Parameter:Description:Optional:
domain

Domain to not audit

No
xserver_setattr_console_pipes( domain )
Summary

Set the attributes of the X windows console named pipes.

Parameters
Parameter:Description:Optional:
domain

Domain allowed access.

No
xserver_setattr_xdm_tmp_dirs( domain )
Summary

Set the attributes of XDM temporary directories.

Parameters
Parameter:Description:Optional:
domain

Domain allowed access.

No
xserver_signal_xdm_xserver( domain )
Summary

Signal XDM X servers

Parameters
Parameter:Description:Optional:
domain

Domain to not audit

No
xserver_stream_connect_xdm( domain )
Summary

Connect to XDM over a unix domain stream socket.

Parameters
Parameter:Description:Optional:
domain

Domain allowed access.

No
xserver_stream_connect_xdm_xserver( domain )
Summary

Connect to xdm_xserver over a unix domain stream socket.

Parameters
Parameter:Description:Optional:
domain

Domain allowed access.

No
xserver_use_all_users_fonts( domain )
Summary

Read all users fonts, user font configurations, and manage all users font caches.

Parameters
Parameter:Description:Optional:
domain

Domain allowed access.

No
xserver_use_xdm_fds( domain )
Summary

Use file descriptors for xdm.

Parameters
Parameter:Description:Optional:
domain

Domain allowed access.

No
xserver_xsession_entry_type( domain )
Summary

Make an X session script an entrypoint for the specified domain.

Parameters
Parameter:Description:Optional:
domain

The domain for which the shell is an entrypoint.

No
xserver_xsession_spec_domtrans( domain , target_domain )
Summary

Execute an X session in the target domain. This is an explicit transition, requiring the caller to use setexeccon().

Description

Execute an Xsession in the target domain. This is an explicit transition, requiring the caller to use setexeccon().

No interprocess communication (signals, pipes, etc.) is provided by this interface since the domains are not owned by this module.

Parameters
Parameter:Description:Optional:
domain

Domain allowed access.

No
target_domain

The type of the shell process.

No
Return

Templates:

xserver_common_domain_template( prefix )
Summary

Template to create types and rules common to all X server domains.

Parameters
Parameter:Description:Optional:
prefix

The prefix of the domain (e.g., user is the prefix for user_t).

No
xserver_domtrans_user_xauth( userdomain_prefix , domain )
Summary

Transition to a user Xauthority domain.

Description

Transition to a user Xauthority domain.

This is a templated interface, and should only be called from a per-userdomain template.

Parameters
Parameter:Description:Optional:
userdomain_prefix

The prefix of the user domain (e.g., user is the prefix for user_t).

No
domain

Domain allowed access.

No
xserver_filetrans_user_xauth( userdomain_prefix , domain )
Summary

Transition to a user Xauthority domain.

Description

Transition to a user Xauthority domain.

This is a templated interface, and should only be called from a per-userdomain template.

Parameters
Parameter:Description:Optional:
userdomain_prefix

The prefix of the user domain (e.g., user is the prefix for user_t).

No
domain

Domain allowed access.

No
xserver_per_role_template( prefix , user_domain , user_role )
Summary

The per role template for the xserver module.

Description

Define a derived domain for the X server when executed by a user domain (e.g. via startx). See the xdm module if using an X Display Manager.

This is invoked automatically for each user and generally does not need to be invoked directly by policy writers.

Parameters
Parameter:Description:Optional:
prefix

The prefix of the user domain (e.g., user is the prefix for user_t).

No
user_domain

The type of the user domain.

No
user_role

The role associated with the user domain.

No
xserver_ro_session_template( prefix , domain , tmpfs_type )
Summary

Template for creating sessions on a prefix X server, with read-only access to the X server shared memory segments.

Parameters
Parameter:Description:Optional:
prefix

The prefix of the domain (e.g., user is the prefix for user_t).

No
domain

Domain allowed access.

No
tmpfs_type

The type of the domain SYSV tmpfs files.

No
xserver_rw_session_template( prefix , domain , tmpfs_type )
Summary

Template for creating sessions on a prefix X server, with read and write access to the X server shared memory segments.

Parameters
Parameter:Description:Optional:
prefix

The prefix of the domain (e.g., user is the prefix for user_t).

No
domain

Domain allowed access.

No
tmpfs_type

The type of the domain SYSV tmpfs files.

No
xserver_use_user_fonts( userdomain_prefix , domain )
Summary

Read user fonts, user font configuration, and manage the user font cache.

Description

Read user fonts, user font configuration, and manage the user font cache.

This is a templated interface, and should only be called from a per-userdomain template.

Parameters
Parameter:Description:Optional:
userdomain_prefix

The prefix of the user domain (e.g., user is the prefix for user_t).

No
domain

Domain allowed access.

No
xserver_user_client_template( prefix , domain , tmpfs_type )
Summary

Template for creating full client sessions on a user X server.

Parameters
Parameter:Description:Optional:
prefix

The prefix of the domain (e.g., user is the prefix for user_t).

No
domain

Domain allowed access.

No
tmpfs_type

The type of the domain SYSV tmpfs files.

No
Return