Layer: kernel

Module: selinux

Booleans Interfaces

Description:

Policy for kernel security interface, in particular, selinuxfs.

This module is required to be included in all policies.

Booleans:

secure_mode_policyload

Default value

false

Description

Boolean to determine whether the system permits loading policy, and setting enforcing mode. Set this to true and you have to reboot to set it back.

secure_mode_setbool

Default value

false

Description

Boolean to determine whether the system permits setting Booelan values.

Return

Interfaces:

selinux_compute_access_vector(
	
		domain
		
	)

Summary

Allows caller to compute an access vector.

Parameters

Parameter:	Description:
domain	Domain allowed access.

selinux_compute_create_context(
	
		domain
		
	)

Summary

Calculate the default type for object creation.

Parameters

Parameter:	Description:
domain	Domain allowed access.

selinux_compute_member(
	
		domain
		
	)

Summary

Allows caller to compute polyinstatntiated directory members.

Parameters

Parameter:	Description:
domain	Domain allowed access.

selinux_compute_relabel_context(
	
		domain
		
	)

Summary

Calculate the context for relabeling objects.

Description

Calculate the context for relabeling objects. This is determined by using the type_change rules in the policy, and is generally used for determining the context for relabeling a terminal when a user logs in.

Parameters

Parameter:	Description:
domain	Domain allowed access.

selinux_compute_user_contexts(
	
		domain
		
	)

Summary

Allows caller to compute possible contexts for a user.

Parameters

Parameter:	Description:
domain	Domain allowed access.

selinux_dontaudit_get_fs_mount(
	
		domain
		
	)

Summary

Do not audit attempts to get the mountpoint of the selinuxfs filesystem.

Parameters

Parameter:	Description:
domain	Domain to not audit.

selinux_dontaudit_getattr_dir(
	
		domain
		
	)

Summary

Do not audit attempts to get the attributes of the selinuxfs directory.

Parameters

Parameter:	Description:
domain	Domain to not audit.

selinux_dontaudit_getattr_fs(
	
		domain
		
	)

Summary

Do not audit attempts to get the attributes of the selinuxfs filesystem

Parameters

Parameter:	Description:
domain	Domain to not audit.

selinux_dontaudit_read_fs(
	
		domain
		
	)

Summary

Do not audit attempts to read generic selinuxfs entries

Parameters

Parameter:	Description:
domain	Domain to not audit.

selinux_dontaudit_search_fs(
	
		domain
		
	)

Summary

Do not audit attempts to search selinuxfs.

Parameters

Parameter:	Description:
domain	Domain to not audit.

selinux_dontaudit_validate_context(
	
		domain
		
	)

Summary

Do not audit attempts to validate security contexts.

Parameters

Parameter:	Description:
domain	Domain to not audit.

selinux_get_all_booleans(
	
		domain
		
	)

Summary

Allow caller to get the state of all Booleans to view conditional portions of the policy.

Parameters

Parameter:	Description:
domain	Domain allowed access.

selinux_get_enforce_mode(
	
		domain
		
	)

Summary

Allows the caller to get the mode of policy enforcement (enforcing or permissive mode).

Parameters

Parameter:	Description:
domain	Domain allowed access.

selinux_get_fs_mount(
	
		domain
		
	)

Summary

Get the mountpoint of the selinuxfs filesystem.

Parameters

Parameter:	Description:
domain	Domain allowed access.

selinux_getattr_fs(
	
		domain
		
	)

Summary

Get the attributes of the selinuxfs filesystem

Parameters

Parameter:	Description:
domain	Domain allowed access.

selinux_labeled_boolean(
	
		type
		
			,
		
		boolean
		
	)

Summary

Make the specified type used for labeling SELinux Booleans. This interface is only usable in the base module.

Description

Make the specified type used for labeling SELinux Booleans.

This makes use of genfscon statements, which are only available in the base module. Thus any module which calls this interface must be included in the base module.

Parameters

Parameter:	Description:
type	Type used for labeling a Boolean.
boolean	Name of the Boolean.

selinux_load_policy(
	
		domain
		
	)

Summary

Allow caller to load the policy into the kernel.

Parameters

Parameter:	Description:
domain	Domain allowed access.

selinux_mount_fs(
	
		domain
		
	)

Summary

Mount the selinuxfs filesystem.

Parameters

Parameter:	Description:
domain	Domain allowed access.

selinux_mounton_fs(
	
		domain
		
	)

Summary

Mount on the selinuxfs filesystem.

Parameters

Parameter:	Description:
domain	Domain allowed access.

selinux_read_policy(
	
		domain
		
	)

Summary

Allow caller to read the policy from the kernel.

Parameters

Parameter:	Description:
domain	Domain allowed access.

selinux_remount_fs(
	
		domain
		
	)

Summary

Remount the selinuxfs filesystem. This allows some mount options to be changed.

Parameters

Parameter:	Description:
domain	Domain allowed access.

selinux_search_fs(
	
		domain
		
	)

Summary

Search selinuxfs.

Parameters

Parameter:	Description:
domain	Domain allowed access.

selinux_set_all_booleans(
	
		domain
		
	)

Summary

Allow caller to set the state of all Booleans to enable or disable conditional portions of the policy.

Description

Allow caller to set the state of all Booleans to enable or disable conditional portions of the policy.

Since this is a security event, this action is always audited.

Parameters

Parameter:	Description:
domain	Domain allowed access.

selinux_set_enforce_mode(
	
		domain
		
	)

Summary

Allow caller to set the mode of policy enforcement (enforcing or permissive mode).

Description

Allow caller to set the mode of policy enforcement (enforcing or permissive mode).

Since this is a security event, this action is always audited.

Parameters

Parameter:	Description:
domain	Domain allowed access.

selinux_set_generic_booleans(
	
		domain
		
	)

Summary

Allow caller to set the state of generic Booleans to enable or disable conditional portions of the policy.

Description

Allow caller to set the state of generic Booleans to enable or disable conditional portions of the policy.

Since this is a security event, this action is always audited.

Parameters

Parameter:	Description:
domain	Domain allowed access.

selinux_set_parameters(
	
		domain
		
	)

Summary

Allow caller to set SELinux access vector cache parameters.

Description

Allow caller to set SELinux access vector cache parameters. The allows the domain to set performance related parameters of the AVC, such as cache threshold.

Since this is a security event, this action is always audited.

Parameters

Parameter:	Description:
domain	Domain allowed access.

selinux_unconfined(
	
		domain
		
	)

Summary

Unconfined access to the SELinux kernel security server.

Parameters

Parameter:	Description:
domain	Domain allowed access.

selinux_unmount_fs(
	
		domain
		
	)

Summary

Unmount the selinuxfs filesystem.

Parameters

Parameter:	Description:
domain	Domain allowed access.

selinux_use_status_page(
	
		domain
		
	)

Summary

Allows the caller to use the SELinux status page.

Parameters

Parameter:	Description:
domain	Domain allowed access.

selinux_validate_context(
	
		domain
		
	)

Summary

Allows caller to validate security contexts.

Parameters

Parameter:	Description:
domain	Domain allowed access.

Return