Layer: kernel

Module: filesystem

Description:

Policy for filesystems.

This module is required to be included in all policies.

Interfaces:

fs_append_cifs_files(
	
		domain
		
	)

Summary

Append files on a CIFS filesystem.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_append_nfs_files(
	
		domain
		
	)

Summary

Append files on a NFS filesystem.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_associate(
	
		file_type
		
	)

Summary

Associate the specified file type to persistent filesystems with extended attributes. This allows a file of this type to be created on a filesystem such as ext3, JFS, and XFS.

Parameters

Parameter:	Description:
file_type	The type of the to be associated.

fs_associate_hugetlbfs(
	
		type
		
	)

Summary

Allow the type to associate to hugetlbfs filesystems.

Parameters

Parameter:	Description:
type	The type of the object to be associated.

fs_associate_noxattr(
	
		file_type
		
	)

Summary

Associate the specified file type to filesystems which lack extended attributes support. This allows a file of this type to be created on a filesystem such as FAT32, and NFS.

Parameters

Parameter:	Description:
file_type	The type of the to be associated.

fs_associate_ramfs(
	
		type
		
	)

Summary

Allow the type to associate to ramfs filesystems.

Parameters

Parameter:	Description:
type	The type of the object to be associated.

fs_associate_tmpfs(
	
		type
		
	)

Summary

Allow the type to associate to tmpfs filesystems.

Parameters

Parameter:	Description:
type	The type of the object to be associated.

fs_cgroup_filetrans(
	
		domain
		
			,
		
		private type
		
			,
		
		object
		
			,
		
		name
		
	)

Summary

Create an object in a cgroup tmpfs filesystem, with a private type using a type transition.

Parameters

Parameter:	Description:
domain	Domain allowed access.
private type	The type of the object to be created.
object	The object class of the object being created.
name	The name of the object being created.

fs_cifs_domtrans(
	
		domain
		
			,
		
		target_domain
		
	)

Summary

Execute a file on a CIFS or SMB filesystem in the specified domain.

Description

Execute a file on a CIFS or SMB filesystem in the specified domain. This allows the specified domain to execute any file on these filesystems in the specified domain. This is not suggested.

No interprocess communication (signals, pipes, etc.) is provided by this interface since the domains are not owned by this module.

This interface was added to handle home directories on CIFS/SMB filesystems, in particular used by the ssh-agent policy.

Parameters

Parameter:	Description:
domain	Domain allowed to transition.
target_domain	The type of the new process.

fs_create_cgroup_links(
	
		domain
		
	)

Summary

Create cgroup lnk_files.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_create_pstore_dirs(
	
		domain
		
	)

Summary

Create pstore directories.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_create_tracefs_dirs(
	
		domain
		
	)

Summary

create trace filesystem directories

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_delete_cgroup_dirs(
	
		domain
		
	)

Summary

Delete cgroup directories.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_delete_pstore_files(
	
		domain
		
	)

Summary

Delete the files of a pstore filesystem.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_delete_tmpfs_symlinks(
	
		domain
		
	)

Summary

Delete tmpfs symbolic links.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_dontaudit_append_cifs_files(
	
		domain
		
	)

Summary

dontaudit Append files on a CIFS filesystem.

Parameters

Parameter:	Description:
domain	Domain to not audit.

fs_dontaudit_append_nfs_files(
	
		domain
		
	)

Summary

dontaudit Append files on a NFS filesystem.

Parameters

Parameter:	Description:
domain	Domain to not audit.

fs_dontaudit_getattr_all_files(
	
		domain
		
	)

Summary

Do not audit attempts to get the attributes of all files with a filesystem type.

Parameters

Parameter:	Description:
domain	Domain to not audit.

fs_dontaudit_getattr_all_fs(
	
		domain
		
	)

Summary

Do not audit attempts to get the attributes all filesystems.

Parameters

Parameter:	Description:
domain	Domain to not audit.

fs_dontaudit_getattr_all_pipes(
	
		domain
		
	)

Summary

Do not audit attempts to get the attributes of all named pipes with a filesystem type.

Parameters

Parameter:	Description:
domain	Domain to not audit.

fs_dontaudit_getattr_all_sockets(
	
		domain
		
	)

Summary

Do not audit attempts to get the attributes of all named sockets with a filesystem type.

Parameters

Parameter:	Description:
domain	Domain to not audit.

fs_dontaudit_getattr_all_symlinks(
	
		domain
		
	)

Summary

Do not audit attempts to get the attributes of all symbolic links with a filesystem type.

Parameters

Parameter:	Description:
domain	Domain to not audit.

fs_dontaudit_getattr_tmpfs_dirs(
	
		domain
		
	)

Summary

Do not audit attempts to get the attributes of tmpfs directories.

Parameters

Parameter:	Description:
domain	Domain to not audit.

fs_dontaudit_getattr_tmpfs_files(
	
		domain
		
	)

Summary

Do not audit attempts to getattr generic tmpfs files.

Parameters

Parameter:	Description:
domain	Domain to not audit.

fs_dontaudit_getattr_xattr_fs(
	
		domain
		
	)

Summary

Do not audit attempts to get the attributes of a persistent filesystem which has extended attributes, such as ext3, JFS, or XFS.

Parameters

Parameter:	Description:
domain	Domain to not audit.

fs_dontaudit_list_auto_mountpoints(
	
		domain
		
	)

Summary

Do not audit attempts to list directories of automatically mounted filesystems.

Parameters

Parameter:	Description:
domain	Domain to not audit.

fs_dontaudit_list_cifs(
	
		domain
		
	)

Summary

Do not audit attempts to list the contents of directories on a CIFS or SMB filesystem.

Parameters

Parameter:	Description:
domain	Domain to not audit.

fs_dontaudit_list_cifs_dirs(
	
		domain
		
	)

Summary

Do not audit attempts to read dirs on a CIFS or SMB filesystem.

Parameters

Parameter:	Description:
domain	Domain to not audit.

fs_dontaudit_list_fusefs(
	
		domain
		
	)

Summary

Do not audit attempts to list the contents of directories on a FUSEFS filesystem.

Parameters

Parameter:	Description:
domain	Domain to not audit.

fs_dontaudit_list_inotifyfs(
	
		domain
		
	)

Summary

Dontaudit List inotifyfs filesystem.

Parameters

Parameter:	Description:
domain	Domain to not audit.

fs_dontaudit_list_nfs(
	
		domain
		
	)

Summary

Do not audit attempts to list the contents of directories on a NFS filesystem.

Parameters

Parameter:	Description:
domain	Domain to not audit.

fs_dontaudit_list_noxattr_fs(
	
		domain
		
	)

Summary

Do not audit attempts to list all noxattrfs directories.

Parameters

Parameter:	Description:
domain	Domain to not audit.

fs_dontaudit_list_removable(
	
		domain
		
	)

Summary

Do not audit attempts to list removable storage directories.

Parameters

Parameter:	Description:
domain	Domain not to audit.

fs_dontaudit_list_tmpfs(
	
		domain
		
	)

Summary

Do not audit attempts to list the contents of generic tmpfs directories.

Parameters

Parameter:	Description:
domain	Domain to not audit.

fs_dontaudit_manage_cifs_dirs(
	
		domain
		
	)

Summary

Do not audit attempts to create, read, write, and delete directories on a CIFS or SMB network filesystem.

Parameters

Parameter:	Description:
domain	Domain to not audit.

fs_dontaudit_manage_cifs_files(
	
		domain
		
	)

Summary

Do not audit attempts to create, read, write, and delete files on a CIFS or SMB network filesystem.

Parameters

Parameter:	Description:
domain	Domain to not audit.

fs_dontaudit_manage_fusefs_dirs(
	
		domain
		
	)

Summary

Do not audit attempts to create, read, write, and delete directories on a FUSEFS filesystem.

Parameters

Parameter:	Description:
domain	Domain to not audit.

fs_dontaudit_manage_fusefs_files(
	
		domain
		
	)

Summary

Do not audit attempts to create, read, write, and delete files on a FUSEFS filesystem.

Parameters

Parameter:	Description:
domain	Domain to not audit.

fs_dontaudit_manage_nfs_dirs(
	
		domain
		
	)

Summary

Do not audit attempts to create, read, write, and delete directories on a NFS filesystem.

Parameters

Parameter:	Description:
domain	Domain to not audit.

fs_dontaudit_manage_nfs_files(
	
		domain
		
	)

Summary

Do not audit attempts to create, read, write, and delete files on a NFS filesystem.

Parameters

Parameter:	Description:
domain	Domain to not audit.

fs_dontaudit_manage_xenfs_dirs(
	
		domain
		
	)

Summary

Do not audit attempts to create, read, write, and delete directories on a XENFS filesystem.

Parameters

Parameter:	Description:
domain	Domain to not audit.

fs_dontaudit_manage_xenfs_files(
	
		domain
		
	)

Summary

Do not audit attempts to create, read, write, and delete files on a XENFS filesystem.

Parameters

Parameter:	Description:
domain	Domain to not audit.

fs_dontaudit_read_cifs_files(
	
		domain
		
	)

Summary

Do not audit attempts to read files on a CIFS or SMB filesystem.

Parameters

Parameter:	Description:
domain	Domain to not audit.

fs_dontaudit_read_nfs_files(
	
		domain
		
	)

Summary

Do not audit attempts to read files on a NFS filesystem.

Parameters

Parameter:	Description:
domain	Domain to not audit.

fs_dontaudit_read_nfs_symlinks(
	
		domain
		
	)

Summary

Dontaudit read symbolic links on a NFS filesystem.

Parameters

Parameter:	Description:
domain	Domain to not audit.

fs_dontaudit_read_noxattr_fs_files(
	
		domain
		
	)

Summary

Do not audit attempts to read all noxattrfs files.

Parameters

Parameter:	Description:
domain	Domain to not audit.

fs_dontaudit_read_ramfs_files(
	
		domain
		
	)

Summary

Dontaudit read on a ramfs files.

Parameters

Parameter:	Description:
domain	Domain to not audit.

fs_dontaudit_read_ramfs_pipes(
	
		domain
		
	)

Summary

Dontaudit read on a ramfs fifo_files.

Parameters

Parameter:	Description:
domain	Domain to not audit.

fs_dontaudit_read_removable_files(
	
		domain
		
	)

Summary

Do not audit attempts to read removable storage files.

Parameters

Parameter:	Description:
domain	Domain not to audit.

fs_dontaudit_rw_anon_inodefs_files(
	
		domain
		
	)

Summary

Do not audit attempts to read or write files on anon_inodefs file systems.

Parameters

Parameter:	Description:
domain	Domain to not audit.

fs_dontaudit_rw_cgroup_files(
	
		domain
		
	)

Summary

Do not audit attempts to open, get attributes, read and write cgroup files.

Parameters

Parameter:	Description:
domain	Domain to not audit.

fs_dontaudit_rw_cifs_files(
	
		domain
		
	)

Summary

Do not audit attempts to read or write files on a CIFS or SMB filesystem.

Parameters

Parameter:	Description:
domain	Domain to not audit.

fs_dontaudit_rw_nfs_files(
	
		domain
		
	)

Summary

Do not audit attempts to read or write files on a NFS filesystem.

Parameters

Parameter:	Description:
domain	Domain to not audit.

fs_dontaudit_rw_tmpfs_files(
	
		domain
		
	)

Summary

Do not audit attempts to read or write generic tmpfs files.

Parameters

Parameter:	Description:
domain	Domain to not audit.

fs_dontaudit_search_ramfs(
	
		domain
		
	)

Summary

Dontaudit Search directories on a ramfs

Parameters

Parameter:	Description:
domain	Domain to not audit.

fs_dontaudit_use_tmpfs_chr_dev(
	
		domain
		
	)

Summary

dontaudit Read and write character nodes on tmpfs filesystems.

Parameters

Parameter:	Description:
domain	Domain to not audit.

fs_dontaudit_write_all_image_files(
	
		domain
		
	)

Summary

Do not audit attempts to write all filesystem image files.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_dontaudit_write_noxattr_fs_files(
	
		domain
		
	)

Summary

Dont audit attempts to write to noxattrfs files.

Parameters

Parameter:	Description:
domain	Domain to not audit.

fs_dontaudit_write_ramfs_pipes(
	
		domain
		
	)

Summary

Do not audit attempts to write to named pipes on a ramfs filesystem.

Parameters

Parameter:	Description:
domain	Domain to not audit.

fs_dontaudit_write_removable_files(
	
		domain
		
	)

Summary

Do not audit attempts to write removable storage files.

Parameters

Parameter:	Description:
domain	Domain not to audit.

fs_dontaudit_write_tmpfs_dirs(
	
		domain
		
	)

Summary

Do not audit attempts to write tmpfs directories

Parameters

Parameter:	Description:
domain	Domain to not audit.

fs_exec_cifs_files(
	
		domain
		
	)

Summary

Execute files on a CIFS or SMB network filesystem, in the caller domain.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_exec_fusefs_files(
	
		domain
		
	)

Summary

Execute files on a FUSEFS filesystem.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_exec_nfs_files(
	
		domain
		
	)

Summary

Execute files on a NFS filesystem.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_exec_noxattr(
	
		domain
		
	)

Summary

Execute files on a filesystem that does not support extended attributes.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_fusefs_domtrans(
	
		source_domain
		
			,
		
		target_domain
		
	)

Summary

Execute FUSEFS files in a specified domain.

Description

Execute FUSEFS files in a specified domain.

No interprocess communication (signals, pipes, etc.) is provided by this interface since the domains are not owned by this module.

Parameters

Parameter:	Description:
source_domain	Domain allowed to transition.
target_domain	Domain to transition to.

fs_fusefs_entry_type(
	
		domain
		
	)

Summary

Make FUSEFS files an entrypoint for the specified domain.

Parameters

Parameter:	Description:
domain	The domain for which fusefs_t is an entrypoint.

fs_get_all_fs_quotas(
	
		domain
		
	)

Summary

Get the quotas of all filesystems.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_get_xattr_fs_quotas(
	
		domain
		
	)

Summary

Get the filesystem quotas of a filesystem with extended attributes.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_getattr_all_blk_files(
	
		domain
		
	)

Summary

Get the attributes of all block device nodes with a filesystem type.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_getattr_all_chr_files(
	
		domain
		
	)

Summary

Get the attributes of all character device nodes with a filesystem type.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_getattr_all_dirs(
	
		domain
		
	)

Summary

Get the attributes of all directories with a filesystem type.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_getattr_all_files(
	
		domain
		
	)

Summary

Get the attributes of all files with a filesystem type.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_getattr_all_fs(
	
		domain
		
	)

Summary

Get the attributes of all filesystems.

Description

Allow the specified domain to get the attributes of all filesystems. Example attributes:

Type of the file system (e.g., ext3)

Size of the file system

Available space on the file system

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_getattr_all_pipes(
	
		domain
		
	)

Summary

Get the attributes of all named pipes with a filesystem type.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_getattr_all_sockets(
	
		domain
		
	)

Summary

Get the attributes of all named sockets with a filesystem type.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_getattr_all_symlinks(
	
		domain
		
	)

Summary

Get the attributes of all symbolic links with a filesystem type.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_getattr_all_xattr_fs(
	
		domain
		
	)

Summary

Get the attributes of all the filesystems which have extended attributes. This includes pseudo filesystems.

Description

Allow the specified domain to get the attributes of a filesystems which have extended attributes. Example attributes:

Type of the file system (e.g., tmpfs)

Size of the file system

Available space on the file system

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_getattr_autofs(
	
		domain
		
	)

Summary

Get the attributes of an automount pseudo filesystem.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_getattr_binfmt_misc_dirs(
	
		domain
		
	)

Summary

Get the attributes of directories on binfmt_misc filesystems.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_getattr_binfmt_misc_fs(
	
		domain
		
	)

Summary

Get the attributes of binfmt_misc filesystems.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_getattr_cgroup(
	
		domain
		
	)

Summary

Get attributes of cgroup filesystems.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_getattr_cgroup_files(
	
		domain
		
	)

Summary

Get attributes of cgroup files.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_getattr_cifs(
	
		domain
		
	)

Summary

Get the attributes of a CIFS or SMB network filesystem.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_getattr_dos_dirs(
	
		domain
		
	)

Summary

Get attributes of directories on a dosfs filesystem.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_getattr_dos_fs(
	
		domain
		
	)

Summary

Get the attributes of a DOS filesystem, such as FAT32 or NTFS.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_getattr_efivarfs(
	
		domain
		
	)

Summary

Get the attributes of efivarfs filesystems.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_getattr_fusefs(
	
		domain
		
	)

Summary

stat a FUSE filesystem

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_getattr_hugetlbfs(
	
		domain
		
	)

Summary

Get the attributes of an hugetlbfs filesystem.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_getattr_iso9660_files(
	
		domain
		
	)

Summary

Get the attributes of files on an iso9660 filesystem, which is usually used on CDs.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_getattr_iso9660_fs(
	
		domain
		
	)

Summary

Get the attributes of an iso9660 filesystem, which is usually used on CDs.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_getattr_nfs(
	
		domain
		
	)

Summary

Get the attributes of a NFS filesystem.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_getattr_nfsd_files(
	
		domain
		
	)

Summary

Getattr files on an nfsd filesystem

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_getattr_nfsd_fs(
	
		domain
		
	)

Summary

Get the attributes of a NFS server pseudo filesystem.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_getattr_noxattr_fs(
	
		domain
		
	)

Summary

Get the attributes of filesystems that do not have extended attribute support.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_getattr_nsfs(
	
		domain
		
	)

Summary

Get the attributes of an nsfs filesystem.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_getattr_nsfs_files(
	
		domain
		
	)

Summary

Get the attributes of nsfs inodes (e.g. /proc/pid/ns/uts)

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_getattr_pstore_dirs(
	
		domain
		
	)

Summary

Get the attributes of directories of a pstore filesystem.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_getattr_pstorefs(
	
		domain
		
	)

Summary

Get the attributes of a pstore filesystem.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_getattr_ramfs(
	
		domain
		
	)

Summary

Get the attributes of a RAM filesystem.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_getattr_romfs(
	
		domain
		
	)

Summary

Get the attributes of a ROM filesystem.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_getattr_rpc_dirs(
	
		domain
		
	)

Summary

Get the attributes of directories of RPC file system pipes.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_getattr_rpc_pipefs(
	
		domain
		
	)

Summary

Get the attributes of a RPC pipe filesystem.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_getattr_tmpfs(
	
		domain
		
	)

Summary

Get the attributes of a tmpfs filesystem.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_getattr_tmpfs_dirs(
	
		domain
		
	)

Summary

Get the attributes of tmpfs directories.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_getattr_tracefs(
	
		domain
		
	)

Summary

Get the attributes of a trace filesystem.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_getattr_tracefs_dirs(
	
		domain
		
	)

Summary

Get attributes of dirs on tracefs filesystem.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_getattr_tracefs_files(
	
		domain
		
	)

Summary

Get the attributes of files on a trace filesystem.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_getattr_xattr_fs(
	
		domain
		
	)

Summary

Get the attributes of persistent filesystems which have extended attributes, such as ext3, JFS, or XFS.

Description

Allow the specified domain to get the attributes of a persistent filesystems which have extended attributes, such as ext3, JFS, or XFS. Example attributes:

Type of the file system (e.g., ext3)

Size of the file system

Available space on the file system

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_hugetlbfs_filetrans(
	
		domain
		
			,
		
		private type
		
			,
		
		object
		
			,
		
		name
		
	)

Summary

Create an object in a hugetlbfs filesystem, with a private type using a type transition.

Parameters

Parameter:	Description:
domain	Domain allowed access.
private type	The type of the object to be created.
object	The object class of the object being created.
name	The name of the object being created.

fs_image_file(
	
		domain
		
	)

Summary

Transform specified type into a filesystem image file type.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_ioctl_cgroup_dirs(
	
		domain
		
	)

Summary

Ioctl cgroup directories.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_list_all(
	
		domain
		
	)

Summary

List all directories with a filesystem type.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_list_auto_mountpoints(
	
		domain
		
	)

Summary

Read directories of automatically mounted filesystems.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_list_cgroup_dirs(
	
		domain
		
	)

Summary

list cgroup directories.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_list_cifs(
	
		domain
		
	)

Summary

List the contents of directories on a CIFS or SMB filesystem.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_list_dos(
	
		domain
		
	)

Summary

List dirs DOS filesystem.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_list_ecryptfs(
	
		domain
		
	)

Summary

Read symbolic links on an eCryptfs filesystem.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_list_efivars(
	
		domain
		
	)

Summary

List dirs in efivarfs filesystem.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_list_hugetlbfs(
	
		domain
		
	)

Summary

List hugetlbfs.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_list_inotifyfs(
	
		domain
		
	)

Summary

List inotifyfs filesystem.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_list_nfs(
	
		domain
		
	)

Summary

List NFS filesystem.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_list_nfsd_fs(
	
		domain
		
	)

Summary

List NFS server directories.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_list_noxattr_fs(
	
		domain
		
	)

Summary

Read all noxattrfs directories.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_list_pstore_dirs(
	
		domain
		
	)

Summary

List the directories of a pstore filesystem.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_list_rpc(
	
		domain
		
	)

Summary

Read directories of RPC file system pipes.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_list_tmpfs(
	
		domain
		
	)

Summary

List the contents of generic tmpfs directories.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_manage_auto_mountpoints(
	
		domain
		
	)

Summary

Create, read, write, and delete auto moutpoints.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_manage_autofs_symlinks(
	
		domain
		
	)

Summary

Create, read, write, and delete symbolic links on an autofs filesystem.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_manage_cgroup_dirs(
	
		domain
		
	)

Summary

Manage cgroup directories.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_manage_cgroup_files(
	
		domain
		
	)

Summary

Manage cgroup files.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_manage_cifs_dirs(
	
		domain
		
	)

Summary

Create, read, write, and delete directories on a CIFS or SMB network filesystem.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_manage_cifs_files(
	
		domain
		
	)

Summary

Create, read, write, and delete files on a CIFS or SMB network filesystem.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_manage_cifs_named_pipes(
	
		domain
		
	)

Summary

Create, read, write, and delete named pipes on a CIFS or SMB network filesystem.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_manage_cifs_named_sockets(
	
		domain
		
	)

Summary

Create, read, write, and delete named sockets on a CIFS or SMB network filesystem.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_manage_cifs_symlinks(
	
		domain
		
	)

Summary

Create, read, write, and delete symbolic links on a CIFS or SMB network filesystem.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_manage_configfs_dirs(
	
		domain
		
	)

Summary

Create, read, write, and delete dirs on a configfs filesystem.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_manage_configfs_files(
	
		domain
		
	)

Summary

Create, read, write, and delete files on a configfs filesystem.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_manage_dos_dirs(
	
		domain
		
	)

Summary

Create, read, write, and delete dirs on a DOS filesystem.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_manage_dos_files(
	
		domain
		
	)

Summary

Create, read, write, and delete files on a DOS filesystem.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_manage_ecryptfs_dirs(
	
		domain
		
	)

Summary

Create, read, write, and delete directories on an eCryptfs filesystem.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_manage_ecryptfs_files(
	
		domain
		
	)

Summary

Create, read, write, and delete files on an eCryptfs filesystem.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_manage_ecryptfs_named_sockets(
	
		domain
		
	)

Summary

Create, read, write, and delete named sockets on an eCryptfs filesystem.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_manage_efivarfs_files(
	
		domain
		
	)

Summary

Create, read, write, and delete files on a efivarfs filesystem. - contains Linux Kernel configuration options for UEFI systems

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_manage_fusefs_dirs(
	
		domain
		
	)

Summary

Create, read, write, and delete directories on a FUSEFS filesystem.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_manage_fusefs_files(
	
		domain
		
	)

Summary

Create, read, write, and delete files on a FUSEFS filesystem.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_manage_fusefs_symlinks(
	
		domain
		
	)

Summary

Manage symlinks on a FUSEFS filesystem.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_manage_hugetlbfs_dirs(
	
		domain
		
	)

Summary

Manage hugetlbfs dirs.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_manage_nfs_dirs(
	
		domain
		
	)

Summary

Create, read, write, and delete directories on a NFS filesystem.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_manage_nfs_files(
	
		domain
		
	)

Summary

Create, read, write, and delete files on a NFS filesystem.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_manage_nfs_named_pipes(
	
		domain
		
	)

Summary

Create, read, write, and delete named pipes on a NFS filesystem.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_manage_nfs_named_sockets(
	
		domain
		
	)

Summary

Create, read, write, and delete named sockets on a NFS filesystem.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_manage_nfs_symlinks(
	
		domain
		
	)

Summary

Create, read, write, and delete symbolic links on a NFS network filesystem.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_manage_noxattr_fs_dirs(
	
		domain
		
	)

Summary

Create, read, write, and delete all noxattrfs directories.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_manage_noxattr_fs_files(
	
		domain
		
	)

Summary

Create, read, write, and delete all noxattrfs files.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_manage_noxattr_fs_symlinks(
	
		domain
		
	)

Summary

Manage all noxattrfs symbolic links.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_manage_ramfs_dirs(
	
		domain
		
	)

Summary

Create, read, write, and delete directories on a ramfs.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_manage_ramfs_files(
	
		domain
		
	)

Summary

Create, read, write, and delete files on a ramfs filesystem.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_manage_ramfs_pipes(
	
		domain
		
	)

Summary

Create, read, write, and delete named pipes on a ramfs filesystem.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_manage_ramfs_sockets(
	
		domain
		
	)

Summary

Create, read, write, and delete named sockets on a ramfs filesystem.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_manage_tmpfs_blk_files(
	
		domain
		
	)

Summary

Read and write, create and delete block nodes on tmpfs filesystems.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_manage_tmpfs_chr_files(
	
		domain
		
	)

Summary

Read and write, create and delete character nodes on tmpfs filesystems.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_manage_tmpfs_dirs(
	
		domain
		
	)

Summary

Create, read, write, and delete tmpfs directories

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_manage_tmpfs_files(
	
		domain
		
	)

Summary

Read and write, create and delete generic files on tmpfs filesystems.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_manage_tmpfs_sockets(
	
		domain
		
	)

Summary

Read and write, create and delete socket files on tmpfs filesystems.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_manage_tmpfs_symlinks(
	
		domain
		
	)

Summary

Read and write, create and delete symbolic links on tmpfs filesystems.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_manage_xenfs_dirs(
	
		domain
		
	)

Summary

Create, read, write, and delete directories on a XENFS filesystem.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_manage_xenfs_files(
	
		domain
		
	)

Summary

Create, read, write, and delete files on a XENFS filesystem.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_mmap_read_all_image_files(
	
		domain
		
	)

Summary

Mmap-read all filesystem image files.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_mmap_read_dos_files(
	
		domain
		
	)

Summary

Read and map files on a DOS filesystem.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_mmap_rw_all_image_files(
	
		domain
		
	)

Summary

Mmap-Read-write all filesystem image files.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_mmap_rw_hugetlbfs_files(
	
		domain
		
	)

Summary

Read, map and write hugetlbfs files.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_mmap_xenfs_files(
	
		domain
		
	)

Summary

Map files a XENFS filesystem.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_mount_all_fs(
	
		domain
		
	)

Summary

Mount all filesystems.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_mount_autofs(
	
		domain
		
	)

Summary

Mount an automount pseudo filesystem.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_mount_cgroup(
	
		domain
		
	)

Summary

Mount cgroup filesystems.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_mount_cifs(
	
		domain
		
	)

Summary

Mount a CIFS or SMB network filesystem.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_mount_dos_fs(
	
		domain
		
	)

Summary

Mount a DOS filesystem, such as FAT32 or NTFS.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_mount_fusefs(
	
		domain
		
	)

Summary

Mount a FUSE filesystem.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_mount_iso9660_fs(
	
		domain
		
	)

Summary

Mount an iso9660 filesystem, which is usually used on CDs.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_mount_nfs(
	
		domain
		
	)

Summary

Mount a NFS filesystem.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_mount_nfsd_fs(
	
		domain
		
	)

Summary

Mount a NFS server pseudo filesystem.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_mount_ramfs(
	
		domain
		
	)

Summary

Mount a RAM filesystem.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_mount_romfs(
	
		domain
		
	)

Summary

Mount a ROM filesystem.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_mount_rpc_pipefs(
	
		domain
		
	)

Summary

Mount a RPC pipe filesystem.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_mount_tmpfs(
	
		domain
		
	)

Summary

Mount a tmpfs filesystem.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_mount_xattr_fs(
	
		domain
		
	)

Summary

Mount a persistent filesystem which has extended attributes, such as ext3, JFS, or XFS.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_mount_xenfs(
	
		domain
		
	)

Summary

Mount a XENFS filesystem.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_mounton_cgroup(
	
		domain
		
	)

Summary

Mount on cgroup directories.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_mounton_cifs(
	
		domain
		
	)

Summary

Mounton a CIFS filesystem.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_mounton_fusefs(
	
		domain
		
	)

Summary

Mounton a FUSEFS filesystem.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_mounton_nfs(
	
		domain
		
	)

Summary

Mounton a NFS filesystem.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_mounton_tmpfs(
	
		domain
		
	)

Summary

Mount on tmpfs directories.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_mounton_tmpfs_files(
	
		domain
		
	)

Summary

Mount on tmpfs files.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_nfs_domtrans(
	
		domain
		
			,
		
		target_domain
		
	)

Summary

Execute a file on a NFS filesystem in the specified domain.

Description

Execute a file on a NFS filesystem in the specified domain. This allows the specified domain to execute any file on a NFS filesystem in the specified domain. This is not suggested.

No interprocess communication (signals, pipes, etc.) is provided by this interface since the domains are not owned by this module.

This interface was added to handle home directories on NFS filesystems, in particular used by the ssh-agent policy.

Parameters

Parameter:	Description:
domain	Domain allowed to transition.
target_domain	The type of the new process.

fs_noxattr_type(
	
		domain
		
	)

Summary

Transform specified type into a filesystem type which does not have extended attribute support.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_pseudo_type(
	
		domain
		
	)

Summary

Transform specified type into a filesystem type which is a pseudo filesystem.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_read_all_image_files(
	
		domain
		
	)

Summary

Read all filesystem image files.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_read_all_inherited_image_files(
	
		domain
		
	)

Summary

Read all inherited filesystem image files.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_read_anon_inodefs_files(
	
		domain
		
	)

Summary

Read files on anon_inodefs file systems.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_read_cgroup_files(
	
		domain
		
	)

Summary

Read cgroup files.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_read_cifs_files(
	
		domain
		
	)

Summary

Read files on a CIFS or SMB filesystem.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_read_cifs_named_pipes(
	
		domain
		
	)

Summary

Read named pipes on a CIFS or SMB network filesystem.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_read_cifs_named_sockets(
	
		domain
		
	)

Summary

Read named sockets on a CIFS or SMB network filesystem.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_read_cifs_symlinks(
	
		domain
		
	)

Summary

Read symbolic links on a CIFS or SMB filesystem.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_read_dos_files(
	
		domain
		
	)

Summary

Read files on a DOS filesystem.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_read_efivarfs_files(
	
		domain
		
	)

Summary

Read files in efivarfs - contains Linux Kernel configuration options for UEFI systems

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_read_fusefs_files(
	
		domain
		
	)

Summary

Read, a FUSEFS filesystem.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_read_fusefs_symlinks(
	
		domain
		
	)

Summary

Read symbolic links on a FUSEFS filesystem.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_read_iso9660_files(
	
		domain
		
	)

Summary

Read files on an iso9660 filesystem, which is usually used on CDs.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_read_nfs_files(
	
		domain
		
	)

Summary

Read files on a NFS filesystem.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_read_nfs_named_pipes(
	
		domain
		
	)

Summary

Read named pipes on a NFS network filesystem.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_read_nfs_named_sockets(
	
		domain
		
	)

Summary

Read named sockets on a NFS filesystem.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_read_nfs_symlinks(
	
		domain
		
	)

Summary

Read symbolic links on a NFS filesystem.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_read_noxattr_fs_files(
	
		domain
		
	)

Summary

Read all noxattrfs files.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_read_noxattr_fs_symlinks(
	
		domain
		
	)

Summary

Read all noxattrfs symbolic links.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_read_nsfs_files(
	
		domain
		
	)

Summary

Read nsfs inodes (e.g. /proc/pid/ns/uts)

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_read_pstore_files(
	
		domain
		
	)

Summary

Read pstore_t files

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_read_removable_blk_files(
	
		domain
		
	)

Summary

Read block nodes on removable filesystems.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_read_removable_files(
	
		domain
		
	)

Summary

Read removable storage files.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_read_removable_symlinks(
	
		domain
		
	)

Summary

Read removable storage symbolic links.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_read_rpc_files(
	
		domain
		
	)

Summary

Read files of RPC file system pipes.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_read_rpc_sockets(
	
		domain
		
	)

Summary

Read sockets of RPC file system pipes.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_read_rpc_symlinks(
	
		domain
		
	)

Summary

Read symbolic links of RPC file system pipes.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_read_tmpfs_files(
	
		domain
		
	)

Summary

Read generic tmpfs files.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_read_tmpfs_symlinks(
	
		domain
		
	)

Summary

Read tmpfs link files.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_register_binary_executable_type(
	
		domain
		
	)

Summary

Description

A common use for this is to register a JVM as an interpreter for Java byte code. Registered binaries can be directly executed on a command line without specifying the interpreter.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_relabel_cgroup_dirs(
	
		domain
		
	)

Summary

Relabel cgroup directories.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_relabel_cgroup_symlinks(
	
		domain
		
	)

Summary

Relabel cgroup symbolic links.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_relabel_pstore_dirs(
	
		domain
		
	)

Summary

Relabel to/from pstore_t directories.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_relabel_tmpfs_blk_files(
	
		domain
		
	)

Summary

Relabel block nodes on tmpfs filesystems.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_relabel_tmpfs_chr_files(
	
		domain
		
	)

Summary

Relabel character nodes on tmpfs filesystems.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_relabel_tmpfs_dirs(
	
		domain
		
	)

Summary

Relabel directory on tmpfs filesystems.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_relabel_tmpfs_fifo_files(
	
		domain
		
	)

Summary

Relabel named pipes on tmpfs filesystems.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_relabel_tmpfs_files(
	
		domain
		
	)

Summary

Relabel files on tmpfs filesystems.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_relabelfrom_all_fs(
	
		domain
		
	)

Summary

Relabelfrom all filesystems.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_relabelfrom_dos_fs(
	
		domain
		
	)

Summary

Allow changing of the label of a DOS filesystem using the context= mount option.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_relabelfrom_iso9660_fs(
	
		domain
		
	)

Summary

Allow changing of the label of a filesystem with iso9660 type

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_relabelfrom_noxattr_fs(
	
		domain
		
	)

Summary

Relabel all objects from filesystems that do not support extended attributes.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_relabelfrom_tmpfs(
	
		type
		
	)

Summary

Relabel from tmpfs filesystem.

Parameters

Parameter:	Description:
type	Domain allowed access.

fs_relabelfrom_tmpfs_dirs(
	
		type
		
	)

Summary

Relabel from tmpfs_t dir

Parameters

Parameter:	Description:
type	Domain allowed access.

fs_relabelfrom_tmpfs_sockets(
	
		domain
		
	)

Summary

Relabelfrom socket files on tmpfs filesystems.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_relabelfrom_tmpfs_symlinks(
	
		domain
		
	)

Summary

Relabelfrom tmpfs link files.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_relabelfrom_xattr_fs(
	
		domain
		
	)

Summary

Allow changing of the label of a filesystem with extended attributes using the context= mount option.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_remount_all_fs(
	
		domain
		
	)

Summary

Remount all filesystems. This allows some mount options to be changed.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_remount_autofs(
	
		domain
		
	)

Summary

Remount an automount pseudo filesystem This allows some mount options to be changed.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_remount_cgroup(
	
		domain
		
	)

Summary

Remount cgroup filesystems.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_remount_cifs(
	
		domain
		
	)

Summary

Remount a CIFS or SMB network filesystem. This allows some mount options to be changed.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_remount_dos_fs(
	
		domain
		
	)

Summary

Remount a DOS filesystem, such as FAT32 or NTFS. This allows some mount options to be changed.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_remount_fusefs(
	
		domain
		
	)

Summary

Remount a FUSE filesystem.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_remount_iso9660_fs(
	
		domain
		
	)

Summary

Remount an iso9660 filesystem, which is usually used on CDs. This allows some mount options to be changed.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_remount_nfs(
	
		domain
		
	)

Summary

Remount a NFS filesystem. This allows some mount options to be changed.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_remount_nfsd_fs(
	
		domain
		
	)

Summary

Mount a NFS server pseudo filesystem. This allows some mount options to be changed.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_remount_ramfs(
	
		domain
		
	)

Summary

Remount a RAM filesystem. This allows some mount options to be changed.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_remount_romfs(
	
		domain
		
	)

Summary

Remount a ROM filesystem. This allows some mount options to be changed.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_remount_rpc_pipefs(
	
		domain
		
	)

Summary

Remount a RPC pipe filesystem. This allows some mount option to be changed.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_remount_tmpfs(
	
		domain
		
	)

Summary

Remount a tmpfs filesystem.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_remount_xattr_fs(
	
		domain
		
	)

Summary

Remount a persistent filesystem which has extended attributes, such as ext3, JFS, or XFS. This allows some mount options to be changed.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_rw_all_image_files(
	
		domain
		
	)

Summary

Read and write all filesystem image files.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_rw_anon_inodefs_files(
	
		domain
		
	)

Summary

Read and write files on anon_inodefs file systems.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_rw_cgroup_files(
	
		domain
		
	)

Summary

Read and write cgroup files.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_rw_hugetlbfs_files(
	
		domain
		
	)

Summary

Read and write hugetlbfs files.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_rw_inherited_hugetlbfs_files(
	
		domain
		
	)

Summary

Read and write inherited hugetlbfs files.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_rw_nfsd_fs(
	
		domain
		
	)

Summary

Read and write NFS server files.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_rw_ramfs_pipes(
	
		domain
		
	)

Summary

Read and write a named pipe on a ramfs filesystem.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_rw_removable_blk_files(
	
		domain
		
	)

Summary

Read and write block nodes on removable filesystems.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_rw_rpc_named_pipes(
	
		domain
		
	)

Summary

Read and write RPC pipe filesystem named pipes.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_rw_rpc_sockets(
	
		domain
		
	)

Summary

Read and write sockets of RPC file system pipes.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_rw_tmpfs_blk_files(
	
		domain
		
	)

Summary

Read and write block nodes on tmpfs filesystems.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_rw_tmpfs_chr_files(
	
		domain
		
	)

Summary

Read and write character nodes on tmpfs filesystems.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_rw_tmpfs_files(
	
		domain
		
	)

Summary

Read and write generic tmpfs files.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_search_all(
	
		domain
		
	)

Summary

Search all directories with a filesystem type.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_search_auto_mountpoints(
	
		domain
		
	)

Summary

Search automount filesystem to use automatically mounted filesystems.

Description

Allow the specified domain to search mount points that have filesystems that are mounted by the automount service. Generally this will be required for any domain that accesses objects on these filesystems.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_search_bpf(
	
		domain
		
	)

Summary

Search bpf dirs

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_search_cgroup_dirs(
	
		domain
		
	)

Summary

Search cgroup directories.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_search_cifs(
	
		domain
		
	)

Summary

Search directories on a CIFS or SMB filesystem.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_search_dos(
	
		domain
		
	)

Summary

Search dosfs filesystem.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_search_fusefs(
	
		domain
		
	)

Summary

Search directories on a FUSEFS filesystem.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_search_inotifyfs(
	
		domain
		
	)

Summary

Search inotifyfs filesystem.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_search_nfs(
	
		domain
		
	)

Summary

Search directories on a NFS filesystem.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_search_nfsd_fs(
	
		domain
		
	)

Summary

Search NFS server directories.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_search_ramfs(
	
		domain
		
	)

Summary

Search directories on a ramfs

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_search_removable(
	
		domain
		
	)

Summary

Search removable storage directories.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_search_rpc(
	
		domain
		
	)

Summary

Search directories of RPC file system pipes.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_search_tmpfs(
	
		domain
		
	)

Summary

Search tmpfs directories.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_search_tracefs(
	
		domain
		
	)

Summary

search directories on a tracefs filesystem

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_search_xenfs(
	
		domain
		
	)

Summary

Search the XENFS filesystem.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_set_all_quotas(
	
		domain
		
	)

Summary

Set the quotas of all filesystems.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_set_xattr_fs_quotas(
	
		domain
		
	)

Summary

Set the filesystem quotas of a filesystem with extended attributes.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_setattr_tmpfs_dirs(
	
		domain
		
	)

Summary

Set the attributes of tmpfs directories.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_tmpfs_filetrans(
	
		domain
		
			,
		
		private type
		
			,
		
		object
		
			,
		
		name
		
	)

Summary

Create an object in a tmpfs filesystem, with a private type using a type transition.

Parameters

Parameter:	Description:
domain	Domain allowed access.
private type	The type of the object to be created.
object	The object class of the object being created.
name	The name of the object being created.

fs_type(
	
		domain
		
	)

Summary

Transform specified type into a filesystem type.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_unconfined(
	
		domain
		
	)

Summary

Unconfined access to filesystems

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_unmount_all_fs(
	
		domain
		
	)

Summary

Unmount all filesystems.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_unmount_autofs(
	
		domain
		
	)

Summary

Unmount an automount pseudo filesystem.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_unmount_cgroup(
	
		domain
		
	)

Summary

Unmount cgroup filesystems.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_unmount_cifs(
	
		domain
		
	)

Summary

Unmount a CIFS or SMB network filesystem.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_unmount_dos_fs(
	
		domain
		
	)

Summary

Unmount a DOS filesystem, such as FAT32 or NTFS.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_unmount_fusefs(
	
		domain
		
	)

Summary

Unmount a FUSE filesystem.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_unmount_iso9660_fs(
	
		domain
		
	)

Summary

Unmount an iso9660 filesystem, which is usually used on CDs.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_unmount_nfs(
	
		domain
		
	)

Summary

Unmount a NFS filesystem.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_unmount_nfsd_fs(
	
		domain
		
	)

Summary

Unmount a NFS server pseudo filesystem.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_unmount_nsfs(
	
		domain
		
	)

Summary

Unmount an nsfs filesystem.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_unmount_ramfs(
	
		domain
		
	)

Summary

Unmount a RAM filesystem.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_unmount_romfs(
	
		domain
		
	)

Summary

Unmount a ROM filesystem.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_unmount_rpc_pipefs(
	
		domain
		
	)

Summary

Unmount a RPC pipe filesystem.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_unmount_tmpfs(
	
		domain
		
	)

Summary

Unmount a tmpfs filesystem.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_unmount_xattr_fs(
	
		domain
		
	)

Summary

Unmount a persistent filesystem which has extended attributes, such as ext3, JFS, or XFS.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_watch_cgroup_files(
	
		domain
		
	)

Summary

Watch cgroup files.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_watch_nfsd_dirs(
	
		domain
		
	)

Summary

Watch NFS server directories.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_watch_nfsd_files(
	
		domain
		
	)

Summary

Watch NFS server files.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_watch_rpc_pipefs_dir(
	
		domain
		
	)

Summary

Watch a rpc pipefs dir

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_watch_rpc_pipefs_dirs(
	
		domain
		
	)

Summary

Watch RPC pipe filesystem directories.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_write_cgroup_files(
	
		domain
		
	)

Summary

Write cgroup files.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_write_nfs_files(
	
		domain
		
	)

Summary

Read files on a NFS filesystem.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_write_ramfs_pipes(
	
		domain
		
	)

Summary

Write to named pipe on a ramfs filesystem.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_write_ramfs_sockets(
	
		domain
		
	)

Summary

Write to named socket on a ramfs filesystem.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_write_tracefs_files(
	
		domain
		
	)

Summary

Read/write trace filesystem files

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_xattr_type(
	
		domain
		
	)

Summary

Transform specified type into a filesystem type which has extended attribute support.

Parameters

Parameter:	Description:
domain	Domain allowed access.

Return