Layer: kernel

Module: storage

Description:

Policy controlling access to storage devices

Interfaces:

storage_create_fixed_disk_dev(
	
		domain
		
	)

Summary

Allow the caller to create fixed disk device nodes.

Parameters

Parameter:	Description:
domain	Domain allowed access.

storage_delete_fixed_disk_dev(
	
		domain
		
	)

Summary

Allow the caller to delete fixed disk device nodes.

Parameters

Parameter:	Description:
domain	Domain allowed access.

storage_dev_filetrans_fixed_disk(
	
		domain
		
			,
		
		filename
		
	)

Summary

Create block devices in /dev with the fixed disk type via an automatic type transition.

Parameters

Parameter:	Description:
domain	Domain allowed access.
filename	Optional filename of the block device to be created

storage_dev_filetrans_fixed_disk_control(
	
		domain
		
			,
		
		filename
		
	)

Summary

Create char devices in /dev with the fixed disk type via an automatic type transition.

Parameters

Parameter:	Description:
domain	Domain allowed access.
filename	Optional filename of the char device to be created

storage_dontaudit_getattr_fixed_disk_dev(
	
		domain
		
	)

Summary

Do not audit attempts made by the caller to get the attributes of fixed disk device nodes.

Parameters

Parameter:	Description:
domain	Domain to not audit.

storage_dontaudit_getattr_removable_dev(
	
		domain
		
	)

Summary

Do not audit attempts made by the caller to get the attributes of removable devices device nodes.

Parameters

Parameter:	Description:
domain	Domain to not audit.

storage_dontaudit_raw_read_removable_device(
	
		domain
		
	)

Summary

Do not audit attempts to directly read removable devices.

Parameters

Parameter:	Description:
domain	Domain to not audit.

storage_dontaudit_raw_write_removable_device(
	
		domain
		
	)

Summary

Do not audit attempts to directly write removable devices.

Parameters

Parameter:	Description:
domain	Domain to not audit.

storage_dontaudit_read_fixed_disk(
	
		domain
		
	)

Summary

Do not audit attempts made by the caller to read fixed disk device nodes.

Parameters

Parameter:	Description:
domain	Domain to not audit.

storage_dontaudit_read_removable_device(
	
		domain
		
	)

Summary

Do not audit attempts made by the caller to read removable devices device nodes.

Parameters

Parameter:	Description:
domain	Domain to not audit.

storage_dontaudit_rw_fuse(
	
		domain
		
	)

Summary

Do not audit attempts to read or write fuse device interfaces.

Parameters

Parameter:	Description:
domain	Domain to not audit.

storage_dontaudit_rw_scsi_generic(
	
		domain
		
	)

Summary

Do not audit attempts to read or write SCSI generic device interfaces.

Parameters

Parameter:	Description:
domain	Domain to not audit.

storage_dontaudit_setattr_fixed_disk_dev(
	
		domain
		
	)

Summary

Do not audit attempts made by the caller to set the attributes of fixed disk device nodes.

Parameters

Parameter:	Description:
domain	Domain to not audit.

storage_dontaudit_setattr_removable_dev(
	
		domain
		
	)

Summary

Do not audit attempts made by the caller to set the attributes of removable devices device nodes.

Parameters

Parameter:	Description:
domain	Domain to not audit.

storage_dontaudit_write_fixed_disk(
	
		domain
		
	)

Summary

Do not audit attempts made by the caller to write fixed disk device nodes.

Parameters

Parameter:	Description:
domain	Domain to not audit.

storage_dontaudit_write_removable_device(
	
		domain
		
	)

Summary

Do not audit attempts made by the caller to write removable devices device nodes.

Parameters

Parameter:	Description:
domain	Domain to not audit.

storage_getattr_fixed_disk_dev(
	
		domain
		
	)

Summary

Allow the caller to get the attributes of fixed disk device nodes.

Parameters

Parameter:	Description:
domain	Domain allowed access.

storage_getattr_fuse_dev(
	
		domain
		
	)

Summary

Allow the caller to get the attributes of device nodes of fuse devices.

Parameters

Parameter:	Description:
domain	Domain allowed access.

storage_getattr_removable_dev(
	
		domain
		
	)

Summary

Allow the caller to get the attributes of removable devices device nodes.

Parameters

Parameter:	Description:
domain	Domain allowed access.

storage_getattr_scsi_generic_dev(
	
		domain
		
	)

Summary

Allow the caller to get the attributes of the generic SCSI interface device nodes.

Parameters

Parameter:	Description:
domain	Domain allowed access.

storage_getattr_tape_dev(
	
		domain
		
	)

Summary

Allow the caller to get the attributes of device nodes of tape devices.

Parameters

Parameter:	Description:
domain	Domain allowed access.

storage_manage_fixed_disk(
	
		domain
		
	)

Summary

Create, read, write, and delete fixed disk device nodes.

Parameters

Parameter:	Description:
domain	Domain allowed access.

storage_raw_read_fixed_disk(
	
		domain
		
	)

Summary

Allow the caller to directly read from a fixed disk. This is extremely dangerous as it can bypass the SELinux protections for filesystem objects, and should only be used by trusted domains.

Parameters

Parameter:	Description:
domain	Domain allowed access.

storage_raw_read_fixed_disk_cond(
	
		domain
		
			,
		
		tunable
		
	)

Summary

Allow the caller to directly read from a fixed disk if a tunable is set. This is extremely dangerous as it can bypass the SELinux protections for filesystem objects, and should only be used by trusted domains.

Parameters

Parameter:	Description:
domain	Domain allowed access.
tunable	Tunable to depend on

storage_raw_read_removable_device(
	
		domain
		
	)

Summary

Allow the caller to directly read from a removable device. This is extremely dangerous as it can bypass the SELinux protections for filesystem objects, and should only be used by trusted domains.

Parameters

Parameter:	Description:
domain	Domain allowed access.

storage_raw_rw_fixed_disk(
	
		domain
		
	)

Summary

Allow the caller to directly read and write to a fixed disk. This is extremely dangerous as it can bypass the SELinux protections for filesystem objects, and should only be used by trusted domains.

Parameters

Parameter:	Description:
domain	Domain allowed access.

storage_raw_write_fixed_disk(
	
		domain
		
	)

Summary

Allow the caller to directly write to a fixed disk. This is extremely dangerous as it can bypass the SELinux protections for filesystem objects, and should only be used by trusted domains.

Parameters

Parameter:	Description:
domain	Domain allowed access.

storage_raw_write_removable_device(
	
		domain
		
	)

Summary

Allow the caller to directly write to a removable device. This is extremely dangerous as it can bypass the SELinux protections for filesystem objects, and should only be used by trusted domains.

Parameters

Parameter:	Description:
domain	Domain allowed access.

storage_read_scsi_generic(
	
		domain
		
	)

Summary

Allow the caller to directly read, in a generic fashion, from any SCSI device. This is extremely dangerous as it can bypass the SELinux protections for filesystem objects, and should only be used by trusted domains.

Parameters

Parameter:	Description:
domain	Domain allowed access.

storage_read_tape(
	
		domain
		
	)

Summary

Allow the caller to directly read a tape device.

Parameters

Parameter:	Description:
domain	Domain allowed access.

storage_relabel_fixed_disk(
	
		domain
		
	)

Summary

Relabel fixed disk device nodes.

Parameters

Parameter:	Description:
domain	Domain allowed access.

storage_rw_fuse(
	
		domain
		
	)

Summary

read or write fuse device interfaces.

Parameters

Parameter:	Description:
domain	Domain allowed access.

storage_setattr_fixed_disk_dev(
	
		domain
		
	)

Summary

Allow the caller to set the attributes of fixed disk device nodes.

Parameters

Parameter:	Description:
domain	Domain allowed access.

storage_setattr_removable_dev(
	
		domain
		
	)

Summary

Allow the caller to set the attributes of removable devices device nodes.

Parameters

Parameter:	Description:
domain	Domain allowed access.

storage_setattr_scsi_generic_dev(
	
		domain
		
	)

Summary

Allow the caller to set the attributes of the generic SCSI interface device nodes.

Parameters

Parameter:	Description:
domain	Domain allowed access.

storage_setattr_scsi_generic_dev_dev(
	
		domain
		
	)

Summary

Set attributes of the device nodes for the SCSI generic interface.

Parameters

Parameter:	Description:
domain	Domain allowed access.

storage_setattr_tape_dev(
	
		domain
		
	)

Summary

Allow the caller to set the attributes of device nodes of tape devices.

Parameters

Parameter:	Description:
domain	Domain allowed access.

storage_swapon_fixed_disk(
	
		domain
		
	)

Summary

Enable a fixed disk device as swap space

Parameters

Parameter:	Description:
domain	Domain allowed access.

storage_tmpfs_filetrans_fixed_disk(
	
		domain
		
	)

Summary

Create block devices in on a tmpfs filesystem with the fixed disk type via an automatic type transition.

Parameters

Parameter:	Description:
domain	Domain allowed access.

storage_unconfined(
	
		domain
		
	)

Summary

Unconfined access to storage devices.

Parameters

Parameter:	Description:
domain	Domain allowed access.

storage_watch_fixed_disk(
	
		domain
		
	)

Summary

Watch fixed disk device nodes.

Parameters

Parameter:	Description:
domain	Domain allowed access.

storage_write_scsi_generic(
	
		domain
		
	)

Summary

Allow the caller to directly write, in a generic fashion, from any SCSI device. This is extremely dangerous as it can bypass the SELinux protections for filesystem objects, and should only be used by trusted domains.

Parameters

Parameter:	Description:
domain	Domain allowed access.

storage_write_tape(
	
		domain
		
	)

Summary

Allow the caller to directly write a tape device.

Parameters

Parameter:	Description:
domain	Domain allowed access.

Return