Chromium browser
false
Allow chromium to bind to tcp ports
Although not needed for regular browsing, some chrome extensions need to bind to tcp ports and accept connections.
true
Allow chromium to access direct rendering interface
Needed for good performance on complex sites
false
Grant the chromium domains manage rights on all user content
false
Grant the chromium domains manage rights on generic user content
false
Grant the chromium domains read access to all user content
true
Grant the chromium domains read access to generic user content
false
Allow chromium to read system information
Although not needed for regular browsing, this will allow chromium to update its own memory consumption based on system state, support additional debugging, detect specific devices, etc.
false
Allow chromium to read/write USB devices
Although not needed for regular browsing, used for debugging over usb or using FIDO U2F tokens.
Execute a domain transition to the chromium domain (chromium_t)
| Parameter: | Description: |
|---|---|
| domain |
Domain allowed access |
Execute chromium in the chromium domain and allow the specified role to access the chromium domain
| Parameter: | Description: |
|---|---|
| domain |
Domain allowed access |
| role |
Role allowed access |
Read-write access to Chromiums' temporary fifo files
| Parameter: | Description: |
|---|---|
| domain |
Domain allowed access |
Automatically use the specified type for resources created in chromium's temporary locations
| Parameter: | Description: |
|---|---|
| domain |
Domain that creates the resource(s) |
| private_type |
Private file type. |
| class |
Type of the resource created |
| filename |
The name of the resource being created |
Role access for chromium
| Parameter: | Description: |
|---|---|
| role_prefix |
The prefix of the user role (e.g., user is the prefix for user_r). |
| user_domain |
User domain for the role. |
| user_exec_domain |
User exec domain for execute and transition access. |
| role |
Role allowed access |