Layer: system

Module: selinuxutil

Description:

Policy for SELinux policy and userland applications.

Interfaces:

seutil_create_bin_policy( domain )
Summary

Create the SELinux binary policy.

Parameters
Parameter:Description:Optional:
domain

Domain allowed access.

No
seutil_domtrans_checkpolicy( domain )
Summary

Execute checkpolicy in the checkpolicy domain.

Parameters
Parameter:Description:Optional:
domain

Domain allowed access.

No
seutil_domtrans_loadpolicy( domain )
Summary

Execute load_policy in the load_policy domain.

Parameters
Parameter:Description:Optional:
domain

Domain allowed access.

No
seutil_domtrans_newrole( domain )
Summary

Execute newrole in the load_policy domain.

Parameters
Parameter:Description:Optional:
domain

Domain allowed access.

No
seutil_domtrans_restorecon( domain )
Summary

Execute restorecon in the restorecon domain.

Parameters
Parameter:Description:Optional:
domain

Domain allowed access.

No
seutil_domtrans_runinit( domain )
Summary

Execute run_init in the run_init domain.

Parameters
Parameter:Description:Optional:
domain

Domain allowed access.

No
seutil_domtrans_semanage( domain )
Summary

Execute a domain transition to run semanage.

Parameters
Parameter:Description:Optional:
domain

Domain allowed to transition.

No
seutil_domtrans_setfiles( domain )
Summary

Execute setfiles in the setfiles domain.

Parameters
Parameter:Description:Optional:
domain

Domain allowed access.

No
seutil_dontaudit_read_config( domain )
Summary

Do not audit attempts to read the SELinux userland configuration (/etc/selinux).

Parameters
Parameter:Description:Optional:
domain

Domain to not audit.

No
seutil_dontaudit_read_file_contexts( domain )
Summary

dontaudit Read the file_contexts files.

Parameters
Parameter:Description:Optional:
domain

Domain allowed access.

No
seutil_dontaudit_search_config( domain )
Summary

Do not audit attempts to search the SELinux configuration directory (/etc/selinux).

Parameters
Parameter:Description:Optional:
domain

Domain to not audit.

No
seutil_dontaudit_signal_newrole( domain )
Summary

Do not audit the caller attempts to send a signal to newrole.

Parameters
Parameter:Description:Optional:
domain

Domain allowed access.

No
seutil_exec_checkpolicy( domain )
Summary

Execute checkpolicy in the caller domain.

Parameters
Parameter:Description:Optional:
domain

Domain allowed access.

No
seutil_exec_loadpolicy( domain )
Summary

Execute load_policy in the caller domain.

Parameters
Parameter:Description:Optional:
domain

Domain allowed access.

No
seutil_exec_newrole( domain )
Summary

Execute newrole in the caller domain.

Parameters
Parameter:Description:Optional:
domain

Domain allowed access.

No
seutil_exec_restorecon( domain )
Summary

Execute restorecon in the caller domain.

Parameters
Parameter:Description:Optional:
domain

Domain allowed access.

No
seutil_exec_setfiles( domain )
Summary

Execute setfiles in the caller domain.

Parameters
Parameter:Description:Optional:
domain

Domain allowed access.

No
seutil_get_semanage_read_lock( domain )
Summary

Get read lock on module store

Parameters
Parameter:Description:Optional:
domain

Domain allowed access.

No
seutil_get_semanage_trans_lock( domain )
Summary

Get trans lock on module store

Parameters
Parameter:Description:Optional:
domain

Domain allowed access.

No
seutil_init_script_domtrans_runinit( domain )
Summary

Execute init scripts in the run_init domain.

Description

Execute init scripts in the run_init domain. This is used for the Gentoo integrated run_init.

Parameters
Parameter:Description:Optional:
domain

Domain allowed access.

No
seutil_init_script_run_runinit( domain , role , terminal )
Summary

Execute init scripts in the run_init domain, and allow the specified role the run_init domain, and use the caller's terminal.

Description

Execute init scripts in the run_init domain, and allow the specified role the run_init domain, and use the caller's terminal.

This is used for the Gentoo integrated run_init.

Parameters
Parameter:Description:Optional:
domain

Domain allowed access.

No
role

The role to be allowed the run_init domain.

No
terminal

The type of the terminal allow the run_init domain to use.

No
seutil_manage_bin_policy( domain )
Summary

Create, read, write, and delete the SELinux binary policy.

Parameters
Parameter:Description:Optional:
domain

Domain allowed access.

No
seutil_manage_config_dirs( domain )
Summary

Create, read, write, and delete the general selinux configuration files.

Parameters
Parameter:Description:Optional:
domain

Domain allowed access.

No
seutil_manage_default_contexts( domain )
Summary

Create, read, write, and delete the default_contexts files.

Parameters
Parameter:Description:Optional:
domain

Domain allowed access.

No
seutil_manage_file_contexts( domain )
Summary

Create, read, write, and delete the file_contexts files.

Parameters
Parameter:Description:Optional:
domain

Domain allowed access.

No
seutil_manage_module_store( domain )
Summary

Full management of the semanage module store.

Parameters
Parameter:Description:Optional:
domain

Domain allowed access.

No
seutil_manage_selinux_config( domain )
Summary

Create, read, write, and delete the general selinux configuration files.

Parameters
Parameter:Description:Optional:
domain

Domain allowed access.

No
seutil_manage_src_policy( domain )
Summary

Create, read, write, and delete SELinux policy source files.

Parameters
Parameter:Description:Optional:
domain

Domain allowed access.

No
seutil_read_bin_policy( domain )
Summary

Read the SELinux binary policy.

Parameters
Parameter:Description:Optional:
domain

Domain allowed access.

No
seutil_read_config( domain )
Summary

Read the general SELinux configuration files.

Parameters
Parameter:Description:Optional:
domain

Domain allowed access.

No
seutil_read_default_contexts( domain )
Summary

Read the default_contexts files.

Parameters
Parameter:Description:Optional:
domain

Domain allowed access.

No
seutil_read_file_contexts( domain )
Summary

Read the file_contexts files.

Parameters
Parameter:Description:Optional:
domain

Domain allowed access.

No
seutil_read_loadpolicy( domain )
Summary

Read the load_policy program file.

Parameters
Parameter:Description:Optional:
domain

Domain allowed access.

No
seutil_read_src_policy( domain )
Summary

Read SELinux policy source files.

Parameters
Parameter:Description:Optional:
domain

Domain allowed access.

No
seutil_relabelto_bin_policy( domain )
Summary

Allow the caller to relabel a file to the binary policy type.

Parameters
Parameter:Description:Optional:
domain

Domain allowed access.

No
seutil_run_checkpolicy( domain , role , terminal )
Summary

Execute checkpolicy in the checkpolicy domain, and allow the specified role the checkpolicy domain, and use the caller's terminal.

Parameters
Parameter:Description:Optional:
domain

Domain allowed access.

No
role

The role to be allowed the checkpolicy domain.

No
terminal

The type of the terminal allow the checkpolicy domain to use.

No
seutil_run_loadpolicy( domain , role , terminal )
Summary

Execute load_policy in the load_policy domain, and allow the specified role the load_policy domain, and use the caller's terminal.

Parameters
Parameter:Description:Optional:
domain

Domain allowed access.

No
role

The role to be allowed the load_policy domain.

No
terminal

The type of the terminal allow the load_policy domain to use.

No
seutil_run_newrole( domain , role , terminal )
Summary

Execute newrole in the newrole domain, and allow the specified role the newrole domain, and use the caller's terminal.

Parameters
Parameter:Description:Optional:
domain

Domain allowed access.

No
role

The role to be allowed the newrole domain.

No
terminal

The type of the terminal allow the newrole domain to use.

No
seutil_run_restorecon( domain , role , terminal )
Summary

Execute restorecon in the restorecon domain, and allow the specified role the restorecon domain, and use the caller's terminal.

Parameters
Parameter:Description:Optional:
domain

Domain allowed access.

No
role

The role to be allowed the restorecon domain.

No
terminal

The type of the terminal allow the restorecon domain to use.

No
seutil_run_runinit( domain , role , terminal )
Summary

Execute run_init in the run_init domain, and allow the specified role the run_init domain, and use the caller's terminal.

Parameters
Parameter:Description:Optional:
domain

Domain allowed access.

No
role

The role to be allowed the run_init domain.

No
terminal

The type of the terminal allow the run_init domain to use.

No
seutil_run_semanage( domain , role , terminal )
Summary

Execute semanage in the semanage domain, and allow the specified role the semanage domain, and use the caller's terminal.

Parameters
Parameter:Description:Optional:
domain

Domain allowed access.

No
role

The role to be allowed the checkpolicy domain.

No
terminal

The type of the terminal allow the semanage domain to use.

No
seutil_run_setfiles( domain , role , terminal )
Summary

Execute setfiles in the setfiles domain, and allow the specified role the setfiles domain, and use the caller's terminal.

Parameters
Parameter:Description:Optional:
domain

Domain allowed access.

No
role

The role to be allowed the setfiles domain.

No
terminal

The type of the terminal allow the setfiles domain to use.

No
seutil_rw_config( domain )
Summary

Read and write the general SELinux configuration files.

Parameters
Parameter:Description:Optional:
domain

Domain allowed access.

No
seutil_rw_file_contexts( domain )
Summary

Read and write the file_contexts files.

Parameters
Parameter:Description:Optional:
domain

Domain allowed access.

No
seutil_search_default_contexts( domain )
Summary

Search the policy directory with default_context files.

Parameters
Parameter:Description:Optional:
domain

Domain allowed access.

No
seutil_semanage_domain( domain )
Summary

Make the specified domain be a SELinux management gui

Parameters
Parameter:Description:Optional:
domain

Domain allowed access.

No
seutil_sigchld_newrole( domain )
Summary

Send a SIGCHLD signal to newrole.

Parameters
Parameter:Description:Optional:
domain

Domain allowed access.

No
seutil_use_newrole_fds( domain )
Summary

Inherit and use newrole file descriptors.

Parameters
Parameter:Description:Optional:
domain

Domain allowed access.

No
seutil_use_runinit_fds( domain )
Summary

Inherit and use run_init file descriptors.

Parameters
Parameter:Description:Optional:
domain

Domain allowed access.

No
Return