Layer: system

Module: init

Tunables Interfaces

Description:

System initialization programs (init and init scripts).

Tunables:

init_create_mountpoints

Default value

false

Description

Enable systemd to create mountpoints.

init_daemons_use_tty

Default value

false

Description

Allow all daemons the ability to read/write terminals

init_mounton_non_security

Default value

false

Description

Enable systemd to mount on all non-security files.

init_upstart

Default value

false

Description

Enable support for upstart as the init program.

Return

Interfaces:

init_abstract_socket_activation(
	
		domain
		
	)

Summary

Abstract socket service activation (systemd).

Parameters

Parameter:	Description:
domain	The domain to be started by systemd socket activation.

init_admin(
	
		domain
		
	)

Summary

Allow unconfined access to send instructions to init

Parameters

Parameter:	Description:
domain	Target domain

init_all_labeled_script_domtrans(
	
		domain
		
	)

Summary

Transition to the init script domain for all labeled init script types

Parameters

Parameter:	Description:
domain	Domain allowed to transition.

init_create_mountpoint_files(
	
		domain
		
			,
		
		exception_types
		
	)

Summary

Create systemd mountpoint files.

Parameters

Parameter:	Description:
domain	Domain allowed access.
exception_types	The types to be excluded. Each type or attribute must be negated by the caller.

init_create_runtime_dirs(
	
		domain
		
	)

Summary

Create a directory in the /run/systemd directory.

Parameters

Parameter:	Description:
domain	Domain allowed access.

init_create_runtime_files(
	
		domain
		
	)

Summary

Create init runtime files, e.g. in /run/systemd.

Parameters

Parameter:	Description:
domain	Domain allowed access.

init_daemon_domain(
	
		domain
		
			,
		
		entry_point
		
	)

Summary

Create a domain for long running processes (daemons/services) which are started by init scripts.

Description

Create a domain for long running processes (daemons/services) which are started by init scripts. Short running processes should use the init_system_domain() interface instead. Typically all long running processes started by an init script (usually in /etc/init.d) will need to use this interface.

The types will be made usable as a domain and file, making calls to domain_type() and files_type() redundant.

If the process must also run in a specific MLS/MCS level, the init_ranged_daemon_domain() should be used instead.

Parameters

Parameter:	Description:
domain	Type to be used as a daemon domain.
entry_point	Type of the program to be used as an entry point to this domain.

init_daemon_lock_file(
	
		filetype
		
			,
		
		class
		
			,
		
		filename
		
	)

Summary

Mark the file type as a daemon lock file, allowing initrc_t to create it

Parameters

Parameter:	Description:
filetype	Type to mark as a daemon lock file
class	Class on which the type is applied
filename	Filename of the file that the init script creates

init_daemon_runtime_file(
	
		filetype
		
			,
		
		class
		
			,
		
		filename
		
	)

Summary

Mark the file type as a daemon runtime file, allowing initrc_t to create it

Parameters

Parameter:	Description:
filetype	Type to mark as a daemon pid file
class	Class on which the type is applied
filename	Filename of the file that the init script creates

init_dbus_chat(
	
		domain
		
	)

Summary

Send and receive messages from systemd over dbus.

Parameters

Parameter:	Description:
domain	Domain allowed access.

init_dbus_chat_script(
	
		domain
		
	)

Summary

Send and receive messages from init scripts over dbus.

Parameters

Parameter:	Description:
domain	Domain allowed access.

init_dbus_send_script(
	
		domain
		
	)

Summary

Send messages to init scripts over dbus.

Parameters

Parameter:	Description:
domain	Domain allowed access.

init_delete_runtime_files(
	
		domain
		
	)

Summary

Delete init_runtime_t files

Parameters

Parameter:	Description:
domain	domain

init_dgram_send(
	
		domain
		
	)

Summary

Send messages to init unix datagram sockets.

Parameters

Parameter:	Description:
domain	Domain allowed access.

init_disable(
	
		domain
		
	)

Summary

Disable all services (systemd).

Parameters

Parameter:	Description:
domain	Domain allowed access.

init_domain(
	
		domain
		
			,
		
		entry_point
		
	)

Summary

Create a domain which can be started by init.

Parameters

Parameter:	Description:
domain	Type to be used as a domain.
entry_point	Type of the program to be used as an entry point to this domain.

init_domtrans(
	
		domain
		
	)

Summary

Execute init (/sbin/init) with a domain transition.

Parameters

Parameter:	Description:
domain	Domain allowed to transition.

init_domtrans_labeled_script(
	
		domain
		
	)

Summary

Execute labelled init scripts with an automatic domain transition.

Parameters

Parameter:	Description:
domain	Domain allowed to transition.

init_domtrans_script(
	
		domain
		
	)

Summary

Execute init scripts with an automatic domain transition.

Parameters

Parameter:	Description:
domain	Domain allowed to transition.

init_dontaudit_getattr_initctl(
	
		domain
		
	)

Summary

Do not audit attempts to get the attributes of initctl.

Parameters

Parameter:	Description:
domain	Domain to not audit.

init_dontaudit_lock_utmp(
	
		domain
		
	)

Summary

Do not audit attempts to lock init script pid files.

Parameters

Parameter:	Description:
domain	Domain to not audit.

init_dontaudit_read_all_script_files(
	
		domain
		
	)

Summary

Dontaudit read all init script files.

Parameters

Parameter:	Description:
domain	Domain to not audit.

init_dontaudit_read_script_status_files(
	
		domain
		
	)

Summary

Do not audit attempts to read init script status files.

Parameters

Parameter:	Description:
domain	Domain to not audit.

init_dontaudit_read_state(
	
		domain
		
	)

Summary

Dontaudit read the process state (/proc/pid) of init.

Parameters

Parameter:	Description:
domain	Domain to not audit.

init_dontaudit_rw_initctl(
	
		domain
		
	)

Summary

Do not audit attempts to read and write initctl.

Parameters

Parameter:	Description:
domain	Domain to not audit.

init_dontaudit_rw_utmp(
	
		domain
		
	)

Summary

Do not audit attempts to read and write utmp.

Parameters

Parameter:	Description:
domain	Domain to not audit.

init_dontaudit_search_keys(
	
		domain
		
	)

Summary

Do not audit attempts to search init keys.

Parameters

Parameter:	Description:
domain	Domain allowed access.

init_dontaudit_stream_connect_script(
	
		domain
		
	)

Summary

Dont audit the specified domain connecting to init scripts with a unix domain stream socket.

Parameters

Parameter:	Description:
domain	Domain to not audit.

init_dontaudit_use_fds(
	
		domain
		
	)

Summary

Do not audit attempts to inherit file descriptors from init.

Parameters

Parameter:	Description:
domain	Domain to not audit.

init_dontaudit_use_script_fds(
	
		domain
		
	)

Summary

Do not audit attempts to inherit init script file descriptors.

Parameters

Parameter:	Description:
domain	Domain to not audit.

init_dontaudit_use_script_ptys(
	
		domain
		
	)

Summary

Do not audit attempts to read and write the init script pty.

Parameters

Parameter:	Description:
domain	Domain to not audit.

init_dontaudit_write_runtime_socket(
	
		domain
		
	)

Summary

Do not audit attempts to write to init sock files.

Parameters

Parameter:	Description:
domain	Domain to not audit.

init_dontaudit_write_utmp(
	
		domain
		
	)

Summary

Do not audit attempts to write utmp.

Parameters

Parameter:	Description:
domain	Domain to not audit.

init_dyntrans(
	
		domain
		
	)

Summary

Allow domain dyntransition to init_t domain.

Parameters

Parameter:	Description:
domain	Domain allowed to transition.

init_enable(
	
		domain
		
	)

Summary

Enable all systemd services (systemd).

Parameters

Parameter:	Description:
domain	Domain allowed access.

init_exec(
	
		domain
		
	)

Summary

Execute the init program in the caller domain.

Parameters

Parameter:	Description:
domain	Domain allowed access.

init_exec_all_script_files(
	
		domain
		
	)

Summary

Execute all init scripts in the caller domain.

Parameters

Parameter:	Description:
domain	Domain allowed access.

init_exec_rc(
	
		domain
		
	)

Summary

Execute the rc application in the caller domain.

Description

This is only applicable to Gentoo or distributions that use the OpenRC init system.

The OpenRC /sbin/rc binary is used for both init scripts as well as management applications and tools. When used for management purposes, calling /sbin/rc should never cause a transition to initrc_t.

Parameters

Parameter:	Description:
domain	Domain allowed access.

init_exec_script_files(
	
		domain
		
	)

Summary

Execute init scripts in the caller domain.

Parameters

Parameter:	Description:
domain	Domain allowed access.

init_get_all_units_status(
	
		domain
		
	)

Summary

Get status of all systemd units.

Parameters

Parameter:	Description:
domain	Domain allowed access.

init_get_generic_units_status(
	
		domain
		
	)

Summary

Get status of generic systemd units.

Parameters

Parameter:	Description:
domain	Domain allowed access.

init_get_script_status(
	
		domain
		
	)

Summary

Allow getting service status of initrc_exec_t scripts

Parameters

Parameter:	Description:
domain	Target domain

init_get_system_status(
	
		domain
		
	)

Summary

Get all service status (systemd).

Parameters

Parameter:	Description:
domain	Domain allowed access.

init_get_transient_units_status(
	
		domain
		
	)

Summary

Get status of transient systemd units.

Parameters

Parameter:	Description:
domain	Domain allowed access.

init_getattr(
	
		domain
		
	)

Summary

get init process stats

Parameters

Parameter:	Description:
domain	Domain allowed access.

init_getattr_all_script_files(
	
		domain
		
	)

Summary

Get the attribute of all init script entrypoint files.

Parameters

Parameter:	Description:
domain	Domain allowed access.

init_getattr_all_unit_files(
	
		domain
		
	)

Summary

stat systemd unit files

Parameters

Parameter:	Description:
domain	Domain allowed access.

init_getattr_all_units(
	
		domain
		
	)

Summary

getattr all systemd unit files.

Parameters

Parameter:	Description:
domain	Domain allowed access.

init_getattr_generic_units_files(
	
		domain
		
	)

Summary

Get the attributes of systemd unit files

Parameters

Parameter:	Description:
domain	Domain allowed access.

init_getattr_initctl(
	
		domain
		
	)

Summary

Get the attributes of initctl.

Parameters

Parameter:	Description:
domain	Domain allowed access.

init_getattr_script_files(
	
		domain
		
	)

Summary

Get the attribute of init script entrypoint files.

Parameters

Parameter:	Description:
domain	Domain allowed access.

init_getattr_script_status_files(
	
		domain
		
	)

Summary

Get the attributes of init script status files.

Parameters

Parameter:	Description:
domain	Domain allowed access.

init_getattr_utmp(
	
		domain
		
	)

Summary

Get the attributes of init script process id files.

Parameters

Parameter:	Description:
domain	Domain allowed access.

init_getpgid(
	
		domain
		
	)

Summary

Get the process group of init.

Parameters

Parameter:	Description:
domain	Domain allowed access.

init_getpgid_script(
	
		domain
		
	)

Summary

Get the process group ID of init scripts.

Parameters

Parameter:	Description:
domain	Domain allowed access.

init_getrlimit(
	
		domain
		
	)

Summary

Allow getting init_t rlimit

Parameters

Parameter:	Description:
domain	Source domain

init_kill_scripts(
	
		domain
		
	)

Summary

Send a kill signal to init scripts.

Parameters

Parameter:	Description:
domain	Domain allowed access.

init_labeled_script_domtrans(
	
		domain
		
			,
		
		init_script_file
		
	)

Summary

Transition to the init script domain on a specified labeled init script.

Parameters

Parameter:	Description:
domain	Domain allowed to transition.
init_script_file	Labeled init script file.

init_linkable_keyring(
	
		domain
		
	)

Summary

Associate the specified domain to be a domain whose keyring init should be allowed to link.

Parameters

Parameter:	Description:
domain	Domain whose keyring init should be allowed to link.

init_list_runtime(
	
		domain
		
	)

Summary

List init runtime directories, e.g. /run/systemd.

Parameters

Parameter:	Description:
domain	Domain allowed access.

init_list_unit_dirs(
	
		domain
		
	)

Summary

List systemd unit dirs.

Parameters

Parameter:	Description:
domain	Domain allowed access.

init_list_var_lib_dirs(
	
		domain
		
	)

Summary

List /var/lib/systemd/ dir

Parameters

Parameter:	Description:
domain	Domain allowed access.

init_manage_all_unit_files(
	
		domain
		
	)

Summary

Manage systemd unit dirs and the files in them

Parameters

Parameter:	Description:
domain	Domain allowed access.

init_manage_all_units(
	
		domain
		
	)

Summary

All perms on all systemd units.

Parameters

Parameter:	Description:
domain	Domain allowed access.

init_manage_runtime_dirs(
	
		domain
		
	)

Summary

Create, read, write, and delete directories in the /run/systemd directory.

Parameters

Parameter:	Description:
domain	Domain allowed access.

init_manage_runtime_symlinks(
	
		domain
		
	)

Summary

Create init runtime symbolic links, e.g. in /run/systemd.

Parameters

Parameter:	Description:
domain	Domain allowed access.

init_manage_script_service(
	
		domain
		
	)

Summary

Allow manage service for initrc_exec_t scripts

Parameters

Parameter:	Description:
domain	Target domain

init_manage_utmp(
	
		domain
		
	)

Summary

Create, read, write, and delete utmp.

Parameters

Parameter:	Description:
domain	Domain allowed access.

init_manage_var_lib_files(
	
		domain
		
	)

Summary

Manage files in /var/lib/systemd/.

Parameters

Parameter:	Description:
domain	Domain allowed access.

init_mountpoint(
	
		file_type
		
	)

Summary

Make the specified type usable as a mountpoint.

Description

Make the specified type usable as a mountpoint. This is normally used for systemd BindPaths options.

Parameters

Parameter:	Description:
file_type	Type to be used as a mountpoint.

init_named_socket_activation(
	
		domain
		
			,
		
		sock_file
		
	)

Summary

Named socket service activation (systemd).

Parameters

Parameter:	Description:
domain	The domain to be started by systemd socket activation.
sock_file	The domain socket file type.

init_path_unit_location_file(
	
		script_file
		
	)

Summary

Create a file type monitored by a systemd path unit.

Parameters

Parameter:	Description:
script_file	Type to be used for a path unit monitored location.

init_pgm_entrypoint(
	
		domain
		
	)

Summary

Allow the init program to be an entrypoint for the specified domain.

Parameters

Parameter:	Description:
domain	Domain allowed access.

init_pgm_spec_user_daemon_domain(
	
		domain
		
	)

Summary

Execute init (/sbin/init) with a domain transition to the provided domain.

Description

Execute init (/sbin/init) with a domain transition to the provided domain. This is used by systemd to execute the systemd user session.

Parameters

Parameter:	Description:
domain	The type to be used as a systemd --user domain.

init_ptrace(
	
		domain
		
	)

Summary

Ptrace init

Parameters

Parameter:	Description:
domain	Domain allowed access.

init_ranged_daemon_domain(
	
		domain
		
			,
		
		entry_point
		
			,
		
		range
		
	)

Summary

Create a domain for long running processes (daemons/services) which are started by init scripts, running at a specified MLS/MCS range.

Description

Create a domain for long running processes (daemons/services) which are started by init scripts, running at a specified MLS/MCS range. Short running processes should use the init_ranged_system_domain() interface instead. Typically all long running processes started by an init script (usually in /etc/init.d) will need to use this interface if they need to run in a specific MLS/MCS range.

The types will be made usable as a domain and file, making calls to domain_type() and files_type() redundant.

If the policy build option TYPE is standard (MLS and MCS disabled), this interface has the same behavior as init_daemon_domain().

Parameters

Parameter:	Description:
domain	Type to be used as a daemon domain.
entry_point	Type of the program to be used as an entry point to this domain.
range	MLS/MCS range for the domain.

init_ranged_domain(
	
		domain
		
			,
		
		entry_point
		
			,
		
		range
		
	)

Summary

Create a domain which can be started by init, with a range transition.

Parameters

Parameter:	Description:
domain	Type to be used as a domain.
entry_point	Type of the program to be used as an entry point to this domain.
range	Range for the domain.

init_ranged_system_domain(
	
		domain
		
			,
		
		entry_point
		
			,
		
		range
		
	)

Summary

Create a domain for short running processes which are started by init scripts.

Description

Create a domain for long running processes (daemons/services) which are started by init scripts. These are generally applications that are used to initialize the system during boot. Long running processes should use the init_ranged_system_domain() interface instead. Typically all short running processes started by an init script (usually in /etc/init.d) will need to use this interface if they need to run in a specific MLS/MCS range.

The types will be made usable as a domain and file, making calls to domain_type() and files_type() redundant.

If the policy build option TYPE is standard (MLS and MCS disabled), this interface has the same behavior as init_system_domain().

Parameters

Parameter:	Description:
domain	Type to be used as a system domain.
entry_point	Type of the program to be used as an entry point to this domain.
range	Range for the domain.

init_read_all_script_files(
	
		domain
		
	)

Summary

Read all init script files.

Parameters

Parameter:	Description:
domain	Domain allowed access.

init_read_generic_units_files(
	
		domain
		
	)

Summary

Read systemd unit files

Parameters

Parameter:	Description:
domain	Domain allowed access.

init_read_generic_units_symlinks(
	
		domain
		
	)

Summary

Read systemd unit links

Parameters

Parameter:	Description:
domain	Domain allowed access.

init_read_runtime_files(
	
		domain
		
	)

Summary

Read init_runtime_t files

Parameters

Parameter:	Description:
domain	domain

init_read_runtime_pipes(
	
		domain
		
	)

Summary

Read init unnamed pipes.

Parameters

Parameter:	Description:
domain	Domain allowed access.

init_read_runtime_symlinks(
	
		domain
		
	)

Summary

read systemd unit symlinks (usually under /run/systemd/units/)

Parameters

Parameter:	Description:
domain	Domain allowed access.

init_read_script_files(
	
		domain
		
	)

Summary

Read init scripts.

Parameters

Parameter:	Description:
domain	Domain allowed access.

init_read_script_state(
	
		domain
		
	)

Summary

Read the process state (/proc/pid) of the init scripts.

Parameters

Parameter:	Description:
domain	Domain allowed access.

init_read_script_tmp_files(
	
		domain
		
	)

Summary

Read init script temporary data.

Parameters

Parameter:	Description:
domain	Domain allowed access.

init_read_state(
	
		domain
		
	)

Summary

Read the process state (/proc/pid) of init.

Parameters

Parameter:	Description:
domain	Domain allowed access.

init_read_utmp(
	
		domain
		
	)

Summary

Read utmp.

Parameters

Parameter:	Description:
domain	Domain allowed access.

init_read_var_lib_links(
	
		domain
		
	)

Summary

read/follow symlinks under /var/lib/systemd/

Parameters

Parameter:	Description:
domain	Domain allowed access.

init_reboot_system(
	
		domain
		
	)

Summary

Reboot the system (systemd).

Parameters

Parameter:	Description:
domain	Domain allowed access.

init_relabel_utmp(
	
		domain
		
	)

Summary

Relabel utmp.

Parameters

Parameter:	Description:
domain	Domain allowed access.

init_relabel_var_lib_dirs(
	
		domain
		
	)

Summary

Relabel dirs in /var/lib/systemd/.

Parameters

Parameter:	Description:
domain	Domain allowed access.

init_reload(
	
		domain
		
	)

Summary

Reload all services (systemd).

Parameters

Parameter:	Description:
domain	Domain allowed access.

init_reload_all_units(
	
		domain
		
	)

Summary

Reload all systemd units.

Parameters

Parameter:	Description:
domain	Domain allowed access.

init_reload_generic_units(
	
		domain
		
	)

Summary

Reload generic systemd units.

Parameters

Parameter:	Description:
domain	Domain allowed access.

init_reload_transient_units(
	
		domain
		
	)

Summary

Reload transient systemd units.

Parameters

Parameter:	Description:
domain	Domain allowed access.

init_rename_runtime_files(
	
		domain
		
	)

Summary

Rename init_runtime_t files

Parameters

Parameter:	Description:
domain	domain

init_restart_units(
	
		domain
		
	)

Summary

restart systemd units, for /run/systemd/transient/*

Parameters

Parameter:	Description:
domain	Domain allowed access.

init_run_bpf(
	
		domain
		
	)

Summary

Run init BPF programs.

Parameters

Parameter:	Description:
domain	Domain allowed access.

init_run_daemon(
	
		domain
		
			,
		
		role
		
	)

Summary

Start and stop daemon programs directly.

Description

Start and stop daemon programs directly in the traditional "/etc/init.d/daemon start" style, and do not require run_init.

Parameters

Parameter:	Description:
domain	Domain allowed access.
role	The role to be performing this action.

init_runtime_filetrans(
	
		domain
		
			,
		
		file_type
		
			,
		
		object_class
		
			,
		
		name
		
	)

Summary

Create files in an init runtime directory with a private type.

Parameters

Parameter:	Description:
domain	Domain allowed access.
file_type	The type of the object to be created
object_class	The object class.
name	The name of the object being created.

init_runtime_filetrans_utmp(
	
		domain
		
	)

Summary

Create files in /var/run with the utmp file type.

Parameters

Parameter:	Description:
domain	Domain allowed access.

init_rw_inherited_script_tmp_files(
	
		domain
		
	)

Summary

Read and write init script inherited temporary data.

Parameters

Parameter:	Description:
domain	Domain allowed access.

init_rw_inherited_stream_socket(
	
		domain
		
	)

Summary

Read and write to inherited init unix streams.

Parameters

Parameter:	Description:
domain	Domain allowed access.

init_rw_initctl(
	
		domain
		
	)

Summary

Read and write initctl.

Parameters

Parameter:	Description:
domain	Domain allowed access.

init_rw_script_pipes(
	
		domain
		
	)

Summary

Read and write init script unnamed pipes.

Parameters

Parameter:	Description:
domain	Domain allowed access.

init_rw_script_stream_sockets(
	
		domain
		
	)

Summary

Allow the specified domain to read/write to init scripts with a unix domain stream sockets.

Parameters

Parameter:	Description:
domain	Domain allowed access.

init_rw_script_tmp_files(
	
		domain
		
	)

Summary

Read and write init script temporary data.

Parameters

Parameter:	Description:
domain	Domain allowed access.

init_rw_stream_sockets(
	
		domain
		
	)

Summary

Allow the specified domain to read/write to init with unix domain stream sockets.

Parameters

Parameter:	Description:
domain	Domain allowed access.

init_rw_utmp(
	
		domain
		
	)

Summary

Read and write utmp.

Parameters

Parameter:	Description:
domain	Domain allowed access.

init_script_domain(
	
		domain
		
			,
		
		script_file
		
	)

Summary

Create a domain used for init scripts.

Description

Create a domain used for init scripts. Can not be used in conjunction with init_script_file().

Parameters

Parameter:	Description:
domain	Type to be used as an init script domain.
script_file	Type of the script file used as an entry point to this domain.

init_script_file(
	
		script_file
		
	)

Summary

Create a file type used for init scripts.

Description

Create a file type used for init scripts. It can not be used in conjunction with init_script_domain(). These script files are typically stored in the /etc/init.d directory.

Typically this is used to constrain what services an admin can start/stop. For example, a policy writer may want to constrain a web administrator to only being able to restart the web server, not other services. This special type will help address that goal.

This also makes the type usable for files; thus an explicit call to files_type() is redundant.

Parameters

Parameter:	Description:
script_file	Type to be used for a script file.

init_script_file_domtrans(
	
		source_domain
		
			,
		
		target_domain
		
	)

Summary

Execute a init script in a specified domain.

Description

Execute a init script in a specified domain.

No interprocess communication (signals, pipes, etc.) is provided by this interface since the domains are not owned by this module.

Parameters

Parameter:	Description:
source_domain	Domain allowed to transition.
target_domain	Domain to transition to.

init_script_file_entry_type(
	
		domain
		
	)

Summary

Make init scripts an entry point for the specified domain.

Parameters

Parameter:	Description:
domain	Domain allowed access.

init_script_tmp_filetrans(
	
		domain
		
			,
		
		file_type
		
			,
		
		object_class
		
			,
		
		name
		
	)

Summary

Create files in a init script temporary data directory.

Parameters

Parameter:	Description:
domain	Domain allowed access.
file_type	The type of the object to be created
object_class	The object class.
name	The name of the object being created.

init_search_keys(
	
		domain
		
	)

Summary

Allow searching init_t keys

Parameters

Parameter:	Description:
domain	Source domain

init_search_run(
	
		domain
		
	)

Summary

Search the /run/systemd directory.

Parameters

Parameter:	Description:
domain	Domain allowed access.

init_search_runtime(
	
		domain
		
	)

Summary

Search init runtime directories, e.g. /run/systemd.

Parameters

Parameter:	Description:
domain	Domain allowed access.

init_search_script_keys(
	
		domain
		
	)

Summary

Search init script keys.

Parameters

Parameter:	Description:
domain	Domain allowed access.

init_search_units(
	
		domain
		
	)

Summary

Search systemd unit dirs.

Parameters

Parameter:	Description:
domain	Domain allowed access.

init_search_var_lib_dirs(
	
		domain
		
	)

Summary

Search /var/lib/systemd/ dirs

Parameters

Parameter:	Description:
domain	Domain allowed access.

init_service_start(
	
		domain
		
	)

Summary

Allow specified domain to get init start

Parameters

Parameter:	Description:
domain	Domain to allow access.

init_service_status(
	
		domain
		
	)

Summary

Allow specified domain to get init status

Parameters

Parameter:	Description:
domain	Domain to allow access.

init_setattr_runtime_files(
	
		domain
		
	)

Summary

Setattr init_runtime_t files

Parameters

Parameter:	Description:
domain	domain

init_setsched(
	
		domain
		
	)

Summary

Set the nice level of init.

Parameters

Parameter:	Description:
domain	Domain allowed access.

init_shutdown_system(
	
		domain
		
	)

Summary

Shutdown (halt) the system (systemd).

Parameters

Parameter:	Description:
domain	Domain allowed access.

init_sigchld(
	
		domain
		
	)

Summary

Send init a SIGCHLD signal.

Parameters

Parameter:	Description:
domain	Domain allowed access.

init_sigchld_script(
	
		domain
		
	)

Summary

Send SIGCHLD signals to init scripts.

Parameters

Parameter:	Description:
domain	Domain allowed access.

init_signal(
	
		domain
		
	)

Summary

Send init a generic signal.

Parameters

Parameter:	Description:
domain	Domain allowed access.

init_signal_script(
	
		domain
		
	)

Summary

Send generic signals to init scripts.

Parameters

Parameter:	Description:
domain	Domain allowed access.

init_signull(
	
		domain
		
	)

Summary

Send init a null signal.

Parameters

Parameter:	Description:
domain	Domain allowed access.

init_signull_script(
	
		domain
		
	)

Summary

Send null signals to init scripts.

Parameters

Parameter:	Description:
domain	Domain allowed access.

init_spec_daemon_domain(
	
		domain
		
			,
		
		entry_point
		
	)

Summary

Setup a domain which can be manually transitioned to from init.

Description

Create a domain used for systemd services where the SELinuxContext option is specified in the .service file. This allows for the manual transition from systemd into the new domain. This is used when automatic transitions won't work. Used for the case where the same binary is used for multiple target domains.

Parameters

Parameter:	Description:
domain	Type to be used as a domain.
entry_point	Type of the program being executed when starting this domain.

init_spec_domtrans_script(
	
		domain
		
	)

Summary

Execute init scripts with a specified domain transition.

Parameters

Parameter:	Description:
domain	Domain allowed to transition.

init_start_all_units(
	
		domain
		
	)

Summary

Start all systemd units.

Parameters

Parameter:	Description:
domain	Domain allowed access.

init_start_generic_units(
	
		domain
		
	)

Summary

Start generic systemd units.

Parameters

Parameter:	Description:
domain	Domain allowed access.

init_start_system(
	
		domain
		
	)

Summary

start service (systemd).

Parameters

Parameter:	Description:
domain	Domain allowed access.

init_start_transient_units(
	
		domain
		
	)

Summary

Start transient systemd units.

Parameters

Parameter:	Description:
domain	Domain allowed access.

init_startstop_all_script_services(
	
		domain
		
	)

Summary

Start and stop init_script_file_type services

Parameters

Parameter:	Description:
domain	domain that can start and stop the services

init_startstop_service(
	
		domain
		
			,
		
		role
		
			,
		
		domain
		
			,
		
		init_script_file
		
			,
		
		unit
		
	)

Summary

Allow the role to start and stop labeled services.

Parameters

Parameter:	Description:
domain	Domain allowed to transition.
role	The role to be performing this action.
domain	Type to be used as a daemon domain.
init_script_file	Labeled init script file.
unit	Systemd unit file type.

init_stop_all_units(
	
		domain
		
	)

Summary

Stop all systemd units.

Parameters

Parameter:	Description:
domain	Domain to not audit.

init_stop_generic_units(
	
		domain
		
	)

Summary

Stop generic systemd units.

Parameters

Parameter:	Description:
domain	Domain to not audit.

init_stop_system(
	
		domain
		
	)

Summary

stop service (systemd).

Parameters

Parameter:	Description:
domain	Domain allowed access.

init_stop_transient_units(
	
		domain
		
	)

Summary

Stop transient systemd units.

Parameters

Parameter:	Description:
domain	Domain to not audit.

init_stream_connect(
	
		domain
		
	)

Summary

Connect to init with a unix socket.

Parameters

Parameter:	Description:
domain	Domain allowed access.

init_stream_connect_script(
	
		domain
		
	)

Summary

Allow the specified domain to connect to init scripts with a unix socket.

Parameters

Parameter:	Description:
domain	Domain allowed access.

init_system_domain(
	
		domain
		
			,
		
		entry_point
		
	)

Summary

Create a domain for short running processes which are started by init scripts.

Description

Create a domain for short running processes which are started by init scripts. These are generally applications that are used to initialize the system during boot. Long running processes, such as daemons/services should use the init_daemon_domain() interface instead. Typically all short running processes started by an init script (usually in /etc/init.d) will need to use this interface.

The types will be made usable as a domain and file, making calls to domain_type() and files_type() redundant.

If the process must also run in a specific MLS/MCS level, the init_ranged_system_domain() should be used instead.

Parameters

Parameter:	Description:
domain	Type to be used as a system domain.
entry_point	Type of the program to be used as an entry point to this domain.

init_tcp_recvfrom_all_daemons(
	
		domain
		
	)

Summary

Allow the specified domain to connect to daemon with a tcp socket

Parameters

Parameter:	Description:
domain	Domain allowed access.

init_telinit(
	
		domain
		
	)

Summary

Use telinit (Read and write initctl).

Parameters

Parameter:	Description:
domain	Domain allowed access.

init_udp_recvfrom_all_daemons(
	
		domain
		
	)

Summary

Allow the specified domain to connect to daemon with a udp socket

Parameters

Parameter:	Description:
domain	Domain allowed access.

init_unit_file(
	
		type
		
	)

Summary

Make the specified type usable for systemd unit files.

Parameters

Parameter:	Description:
type	Type to be used for systemd unit files.

init_unix_stream_socket_connectto(
	
		domain
		
	)

Summary

Connect to init with a unix socket. Without any additional permissions.

Parameters

Parameter:	Description:
domain	Domain allowed access.

init_use_fds(
	
		domain
		
	)

Summary

Inherit and use file descriptors from init.

Description

Allow the specified domain to inherit file descriptors from the init program (process ID 1). Typically the only file descriptors to be inherited from init are for the console. This does not allow the domain any access to the object to which the file descriptors references.

Related interfaces:

init_dontaudit_use_fds()

term_dontaudit_use_console()

term_use_console()

Example usage:

init_use_fds(mydomain_t) term_use_console(mydomain_t)

Normally, processes that can inherit these file descriptors (usually services) write messages to the system log instead of writing to the console. Therefore, in many cases, this access should dontaudited instead.

Example dontaudit usage:

init_dontaudit_use_fds(mydomain_t) term_dontaudit_use_console(mydomain_t)

Parameters

Parameter:	Description:
domain	Domain allowed access.

init_use_inherited_script_ptys(
	
		domain
		
	)

Summary

Read and write inherited init script ptys.

Parameters

Parameter:	Description:
domain	Domain allowed access.

init_use_script_fds(
	
		domain
		
	)

Summary

Inherit and use init script file descriptors.

Parameters

Parameter:	Description:
domain	Domain allowed access.

init_use_script_ptys(
	
		domain
		
	)

Summary

Read and write the init script pty.

Description

Read and write the init script pty. This pty is generally opened by the open_init_pty portion of the run_init program so that the daemon does not require direct access to the administrator terminal.

Parameters

Parameter:	Description:
domain	Domain allowed access.

init_var_lib_filetrans(
	
		domain
		
			,
		
		type
		
			,
		
		object_class
		
			,
		
		name
		
	)

Summary

Create files in /var/lib/systemd with an automatic type transition.

Parameters

Parameter:	Description:
domain	Domain allowed access.
type	The type of object to be created
object_class	The object class.
name	The name of the object being created.

init_watch_utmp(
	
		domain
		
	)

Summary

Add a watch on utmp.

Parameters

Parameter:	Description:
domain	Domain allowed access.

init_write_initctl(
	
		domain
		
	)

Summary

Write to initctl.

Parameters

Parameter:	Description:
domain	Domain allowed access.

init_write_mountpoint_files(
	
		domain
		
			,
		
		exception_types
		
	)

Summary

Write systemd mountpoint files.

Parameters

Parameter:	Description:
domain	Domain allowed access.
exception_types	The types to be excluded. Each type or attribute must be negated by the caller.

init_write_runtime_files(
	
		domain
		
	)

Summary

Write init runtime files, e.g. in /run/systemd.

Parameters

Parameter:	Description:
domain	Domain allowed access.

init_write_runtime_socket(
	
		domain
		
	)

Summary

Allow the specified domain to write to init sock file.

Parameters

Parameter:	Description:
domain	Domain allowed access.

init_write_script_pipes(
	
		domain
		
	)

Summary

Write an init script unnamed pipe.

Parameters

Parameter:	Description:
domain	Domain allowed access.

init_write_utmp(
	
		domain
		
	)

Summary

Write to utmp.

Parameters

Parameter:	Description:
domain	Domain allowed access.

Return