Generic unprivileged user role
Append to all unprivileged users' home directory files.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Do not audit attempts to append to all unprivileged users' home directory files.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Do not audit attempts to relabel unpriv user home files.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Do not audit attempts to list the user home subdirectory.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Do not audit attempts to read all unprivileged users' home directory files.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Do not audit attempts to relabel generic user home files.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Do not audit attempts to search the user home subdirectory.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Create generic user home directories with automatic file type transition.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Create objects in generic user home directories with automatic file type transition.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
object_class | The class of the object to be created. If not specified, file is used. |
Create generic user home directories with automatic file type transition.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Create, read, write, and delete directories in unprivileged users home directories.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Create, read, write, and delete files in generic user home directories.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Create, read, write, and delete named pipes in generic user home directories.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Create, read, write, and delete named sockets in generic user home directories.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Create, read, write, and delete symbolic links in generic user home directories.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Create, read, write, and delete generic user home directories.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Write all unprivileged users' files in /tmp.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Write all unprivileged users' lnk_files in /tmp.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Mmap of unpriv user home files.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Read files in generic user home directories.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Read link files in generic user home directories.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Read all unprivileged users' files in /tmp.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Relabel to generic user home directories.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Read and write unprivileged user SysV semaphores.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Search generic user home directories.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Connect to unprivileged users over a Unix stream socket.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Unlink all unprivileged users' files in /tmp.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Write all unprivileged users' files in /tmp.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Unlink user tmpfs files.
Read/write user tmpfs files.
This is a templated interface, and should only be called from a per-userdomain template.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Do not audit attempts to manage users temporary directories.
This is a templated interface, and should only be called from a per-userdomain template.
Parameter: | Description: |
---|---|
domain | Domain to not audit. |
Do not audit attempts to write user home files.
This is a templated interface, and should only be called from a per-userdomain template.
Parameter: | Description: |
---|---|
domain | Domain to not audit. |
Create, read, write, and delete user temporary directories.
This is a templated interface, and should only be called from a per-userdomain template.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Create, read, write, and delete user temporary named pipes.
This is a templated interface, and should only be called from a per-userdomain template.
Parameter: | Description: |
---|---|
userdomain_prefix | The prefix of the user domain (e.g., user is the prefix for user_t). |
domain | Domain allowed access. |
Create, read, write, and delete user temporary named sockets.
This is a templated interface, and should only be called from a per-userdomain template.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Manage user untrusted files.
Create, read, write, and delete untrusted files.
This is a templated interface, and should only be called from a per-userdomain template.
Parameter: | Description: |
---|---|
userdomain_prefix | The prefix of the user domain (e.g., user is the prefix for user_t). |
domain | Domain allowed access. |
Manage user untrusted tmp files.
Create, read, write, and delete untrusted tmp files.
This is a templated interface, and should only be called from a per-userdomain template.
Parameter: | Description: |
---|---|
userdomain_prefix | The prefix of the user domain (e.g., user is the prefix for user_t). |
domain | Domain allowed access. |
Read user tmpfs files.
Read user temporary file system files.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Change to the generic user role.
Parameter: | Description: |
---|---|
prefix | The prefix of the user role (e.g., user is the prefix for user_r). |
Change from the generic user role.
Change from the generic user role to the specified role.
This is a template to support third party modules and its use is not allowed in upstream reference policy.
Parameter: | Description: |
---|---|
prefix | The prefix of the user role (e.g., user is the prefix for user_r). |