Layer: system

Module: selinuxutil

Description:

Policy for SELinux policy and userland applications.


Interfaces:

seutil_create_bin_policy( domain )
Summary

Create the SELinux binary policy.

Parameters
Parameter:Description:
domain

Domain allowed access.

seutil_domtrans_checkpolicy( domain )
Summary

Execute checkpolicy in the checkpolicy domain.

Parameters
Parameter:Description:
domain

Domain allowed to transition.

seutil_domtrans_loadpolicy( domain )
Summary

Execute load_policy in the load_policy domain.

Parameters
Parameter:Description:
domain

Domain allowed to transition.

seutil_domtrans_newrole( domain )
Summary

Execute newrole in the newrole domain.

Parameters
Parameter:Description:
domain

Domain allowed to transition.

seutil_domtrans_runinit( domain )
Summary

Execute run_init in the run_init domain.

Parameters
Parameter:Description:
domain

Domain allowed to transition.

seutil_domtrans_semanage( domain )
Summary

Execute a domain transition to run semanage.

Parameters
Parameter:Description:
domain

Domain allowed to transition.

seutil_domtrans_setfiles( domain )
Summary

Execute setfiles in the setfiles domain.

Parameters
Parameter:Description:
domain

Domain allowed to transition.

seutil_dontaudit_exec_semanage( domain )
Summary

Do not audit attempts to execute semanage.

Parameters
Parameter:Description:
domain

Domain to not audit.

seutil_dontaudit_exec_setfiles( domain )
Summary

Do not audit attempts to execute setfiles.

Parameters
Parameter:Description:
domain

Domain to not audit.

seutil_dontaudit_libselinux_linked( domain )
Summary

Do not audit SELinux-enabled program access for libselinux-linked programs.

Description

SELinux-enabled programs are typically linked to the libselinux library. This interface will dontaudit access required for the libselinux constructor to function.

Generally this should not be used on anything but simple SELinux-enabled programs that do not rely on data initialized by the libselinux constructor.

Parameters
Parameter:Description:
domain

Domain to not audit.

seutil_dontaudit_read_config( domain )
Summary

Do not audit attempts to read the SELinux userland configuration (/etc/selinux).

Parameters
Parameter:Description:
domain

Domain to not audit.

seutil_dontaudit_read_file_contexts( domain )
Summary

Do not audit attempts to read the file_contexts files.

Parameters
Parameter:Description:
domain

Domain to not audit.

seutil_dontaudit_search_config( domain )
Summary

Do not audit attempts to search the SELinux configuration directory (/etc/selinux).

Parameters
Parameter:Description:
domain

Domain to not audit.

seutil_dontaudit_signal_newrole( domain )
Summary

Do not audit attempts by the caller to send a signal to newrole.

Parameters
Parameter:Description:
domain

Domain to not audit.

seutil_dontaudit_use_newrole_fds( domain )
Summary

Do not audit attempts to inherit and use newrole file descriptors.

Parameters
Parameter:Description:
domain

Domain to not audit.

seutil_exec_checkpolicy( domain )
Summary

Execute checkpolicy in the caller domain.

Parameters
Parameter:Description:
domain

Domain allowed access.

seutil_exec_loadpolicy( domain )
Summary

Execute load_policy in the caller domain.

Parameters
Parameter:Description:
domain

Domain allowed access.

seutil_exec_newrole( domain )
Summary

Execute newrole in the caller domain.

Parameters
Parameter:Description:
domain

Domain allowed access.

seutil_exec_setfiles( domain )
Summary

Execute setfiles in the caller domain.

Parameters
Parameter:Description:
domain

Domain allowed access.

seutil_get_semanage_read_lock( domain )
Summary

Get a read lock on the module store.

Parameters
Parameter:Description:
domain

Domain allowed access.

seutil_get_semanage_trans_lock( domain )
Summary

Get a trans lock on the module store.

Parameters
Parameter:Description:
domain

Domain allowed access.

seutil_init_script_domtrans_runinit( domain )
Summary

Execute init scripts in the run_init domain.

Description

Execute init scripts in the run_init domain. This is used for the Gentoo integrated run_init.

Parameters
Parameter:Description:
domain

Domain allowed to transition.

seutil_init_script_run_runinit( domain , role )
Summary

Execute init scripts in the run_init domain, and allow the specified role the run_init domain, and use the caller's terminal.

Description

Execute init scripts in the run_init domain, and allow the specified role the run_init domain, and use the caller's terminal.

This is used for the Gentoo integrated run_init.

Parameters
Parameter:Description:
domain

Domain allowed to transition.

role

Role allowed access.

seutil_labeled_init_script_domtrans_runinit( domain , domain )
Summary

Execute file in the run_init domain.

Description

Execute file in the run_init domain. This is used for the Gentoo integrated run_init.

Parameters
Parameter:Description:
domain

Domain allowed to transition.

domain

Type of entry file.

seutil_labeled_init_script_run_runinit( domain , role , domain )
Summary

Execute specified file in the run_init domain, and allow the specified role the run_init domain, and use the caller's terminal.

Description

Execute specified file in the run_init domain, and allow the specified role the run_init domain, and use the caller's terminal.

This is used for the Gentoo integrated run_init.

Parameters
Parameter:Description:
domain

Domain allowed to transition.

role

Role allowed access.

domain

Type of init script.

seutil_libselinux_linked( domain )
Summary

SELinux-enabled program access for libselinux-linked programs.

Description

SELinux-enabled programs are typically linked to the libselinux library. This interface will allow access required for the libselinux constructor to function.

Parameters
Parameter:Description:
domain

Domain allowed access.

seutil_manage_bin_policy( domain )
Summary

Create, read, write, and delete the SELinux binary policy.

Parameters
Parameter:Description:
domain

Domain allowed access.

seutil_manage_config( domain )
Summary

Create, read, write, and delete the general SELinux configuration files.

Parameters
Parameter:Description:
domain

Domain allowed access.

seutil_manage_config_dirs( domain )
Summary

Create, read, write, and delete the general SELinux configuration directories.

Parameters
Parameter:Description:
domain

Domain allowed access.

seutil_manage_default_contexts( domain )
Summary

Create, read, write, and delete the default_contexts files.

Parameters
Parameter:Description:
domain

Domain allowed access.

seutil_manage_file_contexts( domain )
Summary

Create, read, write, and delete the file_contexts files.

Parameters
Parameter:Description:
domain

Domain allowed access.

seutil_manage_module_store( domain )
Summary

Full management of the semanage module store.

Parameters
Parameter:Description:
domain

Domain allowed access.

seutil_manage_src_policy( domain )
Summary

Create, read, write, and delete SELinux policy source files.

Parameters
Parameter:Description:
domain

Domain allowed access.

seutil_read_bin_policy( domain )
Summary

Read the SELinux binary policy.

Parameters
Parameter:Description:
domain

Domain allowed access.

seutil_read_config( domain )
Summary

Read the general SELinux configuration files.

Parameters
Parameter:Description:
domain

Domain allowed access.

seutil_read_default_contexts( domain )
Summary

Read the default_contexts files.

Parameters
Parameter:Description:
domain

Domain allowed access.

seutil_read_file_contexts( domain )
Summary

Read the file_contexts files.

Parameters
Parameter:Description:
domain

Domain allowed access.

seutil_read_loadpolicy( domain )
Summary

Read the load_policy program file.

Parameters
Parameter:Description:
domain

Domain allowed access.

seutil_read_module_store( domain )
Summary

Read the semanage module store.

Parameters
Parameter:Description:
domain

Domain allowed access.

seutil_read_src_policy( domain )
Summary

Read SELinux policy source files.

Parameters
Parameter:Description:
domain

Domain allowed access.

seutil_relabelto_bin_policy( domain )
Summary

Allow the caller to relabel a file to the binary policy type.

Parameters
Parameter:Description:
domain

Domain allowed access.

seutil_run_checkpolicy( domain , role )
Summary

Execute checkpolicy in the checkpolicy domain, and allow the specified role the checkpolicy domain, and use the caller's terminal.

Parameters
Parameter:Description:
domain

Domain allowed to transition.

role

Role allowed access.

seutil_run_loadpolicy( domain , role )
Summary

Execute load_policy in the load_policy domain, and allow the specified role the load_policy domain, and use the caller's terminal.

Parameters
Parameter:Description:
domain

Domain allowed to transition.

role

Role allowed access.

seutil_run_newrole( domain , role )
Summary

Execute newrole in the newrole domain, and allow the specified role the newrole domain, and use the caller's terminal.

Parameters
Parameter:Description:
domain

Domain allowed to transition.

role

Role allowed access.

seutil_run_runinit( domain , role )
Summary

Execute run_init in the run_init domain, and allow the specified role the run_init domain, and use the caller's terminal.

Parameters
Parameter:Description:
domain

Domain allowed to transition.

role

Role allowed access.

seutil_run_semanage( domain , role )
Summary

Execute semanage in the semanage domain, and allow the specified role the semanage domain, and use the caller's terminal.

Parameters
Parameter:Description:
domain

Domain allowed to transition.

role

Role allowed access.

seutil_run_setfiles( domain , role )
Summary

Execute setfiles in the setfiles domain, and allow the specified role the setfiles domain, and use the caller's terminal.

Parameters
Parameter:Description:
domain

Domain allowed to transition.

role

Role allowed access.

seutil_rw_config( domain )
Summary

Read and write the general SELinux configuration files.

Parameters
Parameter:Description:
domain

Domain allowed access.

seutil_rw_file_contexts( domain )
Summary

Read and write the file_contexts files.

Parameters
Parameter:Description:
domain

Domain allowed access.

seutil_search_default_contexts( domain )
Summary

Search the policy directory with default_context files.

Parameters
Parameter:Description:
domain

Domain allowed access.

seutil_sigchld_newrole( domain )
Summary

Send a SIGCHLD signal to newrole.

Description

Allow the specified domain to send a SIGCHLD signal to newrole. This signal is automatically sent from a process that is terminating to its parent. This may be needed by domains that are executed from newrole.

Parameters
Parameter:Description:
domain

Domain allowed access.

seutil_use_newrole_fds( domain )
Summary

Inherit and use newrole file descriptors.

Parameters
Parameter:Description:
domain

Domain allowed access.

seutil_use_runinit_fds( domain )
Summary

Inherit and use run_init file descriptors.

Parameters
Parameter:Description:
domain

Domain allowed access.
