Layer: roles

Module: sysadm


Description:

General system administration role


Tunables:

allow_ptrace
Default value

false

Description

Allow sysadm to debug or ptrace all processes.


Interfaces:

sysadm_bin_spec_domtrans( domain )
Summary

Execute a generic bin program in the sysadm domain.

Parameters
Parameter: Description
domain: Domain allowed access.

sysadm_bin_spec_domtrans_to( domain )
Summary

Allow sysadm to execute a generic bin program in a specified domain. This is an explicit transition, requiring the caller to use setexeccon().

Description

Allow sysadm to execute a generic bin program in a specified domain.

This is an interface to support third-party modules; its use is not allowed in the upstream reference policy.

Parameters
Parameter: Description
domain: Domain to execute in.

sysadm_dontaudit_getattr_home_dirs( domain )
Summary

Do not audit attempts to get the attributes of the sysadm user's home directory.

Parameters
Parameter: Description
domain: Domain to not audit.

sysadm_dontaudit_getattr_ttys( domain )
Summary

Do not audit attempts to get the attributes of sysadm ttys.

Parameters
Parameter: Description
domain: Domain allowed access.

sysadm_dontaudit_list_home_dirs( domain )
Summary

Do not audit attempts to list the sysadm user's home directory.

Parameters
Parameter: Description
domain: Domain to not audit.

sysadm_dontaudit_read_home_content_files( domain )
Summary

Do not audit attempts to read files in the sysadm home directory.

Parameters
Parameter: Description
domain: Domain to not audit.

sysadm_dontaudit_read_home_sym_links( domain )
Summary

Do not audit attempts to read symbolic links in the sysadm home directory.

Parameters
Parameter: Description
domain: Domain to not audit.

sysadm_dontaudit_search_home_dirs( domain )
Summary

Do not audit attempts to search the sysadm user's home directory.

Parameters
Parameter: Description
domain: Domain to not audit.

sysadm_dontaudit_use_ptys( domain )
Summary

Do not audit attempts to read and write sysadm ptys.

Parameters
Parameter: Description
domain: Domain to not audit.

sysadm_dontaudit_use_terms( domain )
Summary

Do not audit attempts to use sysadm ttys and ptys.

Parameters
Parameter: Description
domain: Domain to not audit.

sysadm_dontaudit_use_ttys( domain )
Summary

Do not audit attempts to use sysadm ttys.

Parameters
Parameter: Description
domain: Domain to not audit.

sysadm_entry_spec_domtrans( domain )
Summary

Execute all entrypoint files in the sysadm domain. This is an explicit transition, requiring the caller to use setexeccon().

Parameters
Parameter: Description
domain: Domain allowed access.

sysadm_getattr_home_dirs( domain )
Summary

Get the attributes of the sysadm user's home directory.

Parameters
Parameter: Description
domain: Domain allowed access.

sysadm_home_dir_filetrans( domain , private type , object_class )
Summary

Create objects in sysadm home directories with automatic file type transition.

Parameters
Parameter: Description
domain: Domain allowed access.
private type: The type of the object to be created.
object_class: The class of the object to be created. If not specified, file is used.

sysadm_list_home_dirs( domain )
Summary

List the sysadm user's home directory.

Parameters
Parameter: Description
domain: Domain allowed access.

sysadm_read_home_content_files( domain )
Summary

Read files in the sysadm home directory.

Parameters
Parameter: Description
domain: Domain allowed access.

sysadm_read_tmp_files( domain )
Summary

Read sysadm temporary files.

Parameters
Parameter: Description
domain: Domain allowed access.

sysadm_rw_pipes( domain )
Summary

Read and write sysadm user unnamed pipes.

Parameters
Parameter: Description
domain: Domain allowed access.

sysadm_search_home_content_dirs( domain )
Summary

Search the sysadm user's home subdirectories.

Parameters
Parameter: Description
domain: Domain to not audit.

sysadm_search_home_dirs( domain )
Summary

Search the sysadm user's home directory.

Parameters
Parameter: Description
domain: Domain to not audit.

sysadm_shell_domtrans( domain )
Summary

Execute a shell in the sysadm domain.

Parameters
Parameter: Description
domain: Domain allowed access.

sysadm_sigchld( domain )
Summary

Send a SIGCHLD signal to sysadm users.

Parameters
Parameter: Description
domain: Domain allowed access.

sysadm_use_fds( domain )
Summary

Inherit and use sysadm file descriptors.

Parameters
Parameter: Description
domain: Domain allowed access.

sysadm_use_ptys( domain )
Summary

Read and write sysadm ptys.

Parameters
Parameter: Description
domain: Domain allowed access.

sysadm_use_terms( domain )
Summary

Read and write sysadm ttys and ptys.

Parameters
Parameter: Description
domain: Domain allowed access.

sysadm_use_ttys( domain )
Summary

Read and write sysadm ttys.

Parameters
Parameter: Description
domain: Domain allowed access.


Templates:

sysadm_role_change_template( prefix )
Summary

Change to the generic user role.

Parameters
Parameter: Description
prefix: The prefix of the user role (e.g., user is the prefix for user_r).

sysadm_role_change_to_template( prefix )
Summary

Change from the generic user role.

Description

Change from the generic user role to the specified role.

This is a template to support third-party modules; its use is not allowed in the upstream reference policy.

Parameters
Parameter: Description
prefix: The prefix of the user role (e.g., user is the prefix for user_r).
