Layer: system

Module: unconfined

Interfaces

Description:

The unconfined domain.


Interfaces:

unconfined_alias_domain( domain )
Summary

Add an alias type to the unconfined domain. (Deprecated)

Description

Add an alias type to the unconfined domain. (Deprecated)

This is added to support targeted policy. Its use should be limited. It has no effect on the strict policy.

Parameters
Parameter:Description:Optional:
domain

New alias of the unconfined domain.

No
unconfined_create_keys( domain )
Summary

Create keys for the unconfined domain.

Parameters
Parameter:Description:Optional:
domain

Domain allowed access.

No
unconfined_dbus_chat( domain )
Summary

Send and receive messages from unconfined_t over dbus.

Parameters
Parameter:Description:Optional:
domain

Domain allowed access.

No
unconfined_dbus_connect( domain )
Summary

Connect to the the unconfined DBUS for service (acquire_svc).

Parameters
Parameter:Description:Optional:
domain

Domain allowed access.

No
unconfined_dbus_send( domain )
Summary

Send messages to the unconfined domain over dbus.

Parameters
Parameter:Description:Optional:
domain

Domain allowed access.

No
unconfined_domain( domain )
Summary

Make the specified domain unconfined and audit executable memory and executable heap usage.

Parameters
Parameter:Description:Optional:
domain

Domain to make unconfined.

No
unconfined_domain_noaudit( domain )
Summary

Make the specified domain unconfined.

Parameters
Parameter:Description:Optional:
domain

Domain to make unconfined.

No
unconfined_domtrans( domain )
Summary

Transition to the unconfined domain.

Parameters
Parameter:Description:Optional:
domain

Domain allowed access.

No
unconfined_domtrans_to( domain , entry_file )
Summary

Allow unconfined to execute the specified program in the specified domain.

Description

Allow unconfined to execute the specified program in the specified domain.

This is a interface to support third party modules and its use is not allowed in upstream reference policy.

Parameters
Parameter:Description:Optional:
domain

Domain to execute in.

No
entry_file

Domain entry point file.

No
unconfined_dontaudit_read_pipes( domain )
Summary

Do not audit attempts to read unconfined domain unnamed pipes.

Parameters
Parameter:Description:Optional:
domain

Domain allowed access.

No
unconfined_dontaudit_rw_pipes( domain )
Summary

Do not audit attempts to read and write unconfined domain unnamed pipes.

Parameters
Parameter:Description:Optional:
domain

Domain to not audit.

No
unconfined_dontaudit_rw_tcp_sockets( domain )
Summary

Do not audit attempts to read or write unconfined domain tcp sockets.

Description

Do not audit attempts to read or write unconfined domain tcp sockets.

This interface was added due to a broken symptom in ldconfig.

Parameters
Parameter:Description:Optional:
domain

Domain to not audit.

No
unconfined_dontaudit_use_terminals( domain )
Summary

Do not audit attempts to use unconfined ttys and ptys.

Parameters
Parameter:Description:Optional:
domain

Domain to not audit.

No
unconfined_execmem_alias_program( domain )
Summary

Add an alias type to the unconfined execmem program file type. (Deprecated)

Description

Add an alias type to the unconfined execmem program file type. (Deprecated)

This is added to support targeted policy. Its use should be limited. It has no effect on the strict policy.

Parameters
Parameter:Description:Optional:
domain

New alias of the unconfined execmem program type.

No
unconfined_execmem_domtrans( domain )
Summary

Transition to the unconfined_execmem domain.

Parameters
Parameter:Description:Optional:
domain

Domain allowed access.

No
unconfined_execmem_rw_shm( domain )
Summary

Read and write to unconfined execmem shared memory.

Parameters
Parameter:Description:Optional:
domain

The type of the process performing this action.

No
unconfined_getpgid( domain )
Summary

Get the process group of unconfined.

Parameters
Parameter:Description:Optional:
domain

Domain allowed access.

No
unconfined_ptrace( domain )
Summary

Allow ptrace of unconfined domain

Parameters
Parameter:Description:Optional:
domain

Domain allowed access.

No
unconfined_read_pipes( domain )
Summary

Read unconfined domain unnamed pipes.

Parameters
Parameter:Description:Optional:
domain

Domain allowed access.

No
unconfined_run( domain , role , terminal )
Summary

Execute specified programs in the unconfined domain.

Parameters
Parameter:Description:Optional:
domain

The type of the process performing this action.

No
role

The role to allow the unconfined domain.

No
terminal

The type of the terminal allow the unconfined domain to use.

No
unconfined_run_to( domain , entry_file )
Summary

Allow unconfined to execute the specified program in the specified domain. Allow the specified domain the unconfined role and use of unconfined user terminals.

Description

Allow unconfined to execute the specified program in the specified domain. Allow the specified domain the unconfined role and use of unconfined user terminals.

This is a interface to support third party modules and its use is not allowed in upstream reference policy.

Parameters
Parameter:Description:Optional:
domain

Domain to execute in.

No
entry_file

Domain entry point file.

No
unconfined_rw_pipes( domain )
Summary

Read and write unconfined domain unnamed pipes.

Parameters
Parameter:Description:Optional:
domain

Domain allowed access.

No
unconfined_rw_shm( domain )
Summary

Read and write to unconfined shared memory.

Parameters
Parameter:Description:Optional:
domain

The type of the process performing this action.

No
unconfined_rw_stream_sockets( domain )
Summary

Allow the specified domain to read/write to unconfined with a unix domain stream sockets.

Parameters
Parameter:Description:Optional:
domain

Domain allowed access.

No
unconfined_rw_tmpfs_files( domain )
Summary

Read/write unconfined tmpfs files.

Description

Read/write unconfined tmpfs files.

Parameters
Parameter:Description:Optional:
domain

Domain allowed access.

No
unconfined_set_rlimitnh( domain )
Summary

Allow apps to set rlimits on userdomain

Parameters
Parameter:Description:Optional:
domain

Domain allowed access.

No
unconfined_shell_domtrans( domain )
Summary

Transition to the unconfined domain by executing a shell.

Parameters
Parameter:Description:Optional:
domain

Domain allowed access.

No
unconfined_sigchld( domain )
Summary

Send a SIGCHLD signal to the unconfined domain.

Parameters
Parameter:Description:Optional:
domain

Domain allowed access.

No
unconfined_signal( domain )
Summary

Send generic signals to the unconfined domain.

Parameters
Parameter:Description:Optional:
domain

Domain allowed access.

No
unconfined_signull( domain )
Summary

Send a SIGNULL signal to the unconfined domain.

Parameters
Parameter:Description:Optional:
domain

Domain allowed access.

No
unconfined_stream_connect( domain )
Summary

Connect to the unconfined domain using a unix domain stream socket.

Parameters
Parameter:Description:Optional:
domain

Domain allowed access.

No
unconfined_use_fds( domain )
Summary

Inherit file descriptors from the unconfined domain.

Parameters
Parameter:Description:Optional:
domain

Domain allowed access.

No
unconfined_use_terminals( domain )
Summary

allow attempts to use unconfined ttys and ptys.

Parameters
Parameter:Description:Optional:
domain

Domain to not audit.

No
Return