Master template index:

Module: apache

Layer: services

apache_content_template( prefix )

Create a set of derived types for httpd web content.

Module: apache

Layer: services

apache_role( role_prefix , user_domain , user_exec_domain , role )

Role access for apache.

Module: authlogin

Layer: system

auth_role( role_prefix , user_domain , user_exec_domain , role )

Role access for password authentication.

Module: bluetooth

Layer: services

bluetooth_role( role_prefix , user_domain , user_exec_domain , role )

Role access for bluetooth.

Module: cdrecord

Layer: apps

cdrecord_role( role_prefix , user_domain , user_exec_domain , role )

Role access for cdrecord.

Module: cfengine

Layer: admin

cfengine_domain_template( domain_prefix )

The template to define a cfengine domain.

Module: chromium

Layer: apps

chromium_role( role_prefix , user_domain , user_exec_domain , role )

Role access for chromium

Module: condor

Layer: services

condor_domain_template( domain_prefix )

The template to define a condor domain.

Module: container

Layer: services

container_base_role( role_prefix , user_domain , user_exec_domain , role )

Base role access for containers. This grants all the rules necessary for common container usage.

Module: container

Layer: services

container_domain_template( domain_prefix )

The template to define a container domain.

Module: container

Layer: services

container_engine_domain_template( domain_prefix )

The template to define a container engine domain.

Module: container

Layer: services

container_system_role( role_prefix , user_domain , user_exec_domain , role )

Role access for system containers.

Module: container

Layer: services

container_unconfined_role( role_prefix , user_domain , user_exec_domain , role )

Unconfined role access for containers.

Module: container

Layer: services

container_user_role( role_prefix , user_domain , user_exec_domain , role )

Role access for user containers.

Module: courier

Layer: services

courier_domain_template( domain_prefix )

The template to define a courier domain.

Module: cron

Layer: services

cron_common_crontab_template( domain_prefix )

The template to define a crontab domain.

Module: cryfs

Layer: apps

cryfs_role( role_prefix , user_domain , user_exec_domain , role )

Role access for CryFS.

Module: dbus

Layer: services

dbus_connect_spec_session_bus( role_prefix , domain )

Acquire service on specified DBUS session bus.

Module: dbus

Layer: services

dbus_role_template( role_prefix , role , domain )

Role access for dbus.

Module: dbus

Layer: services

dbus_send_spec_session_bus( role_prefix , domain )

Send messages to specified DBUS session busses.

Module: dbus

Layer: services

dbus_spec_session_bus_client( role_prefix , domain )

Creating connections to specified DBUS session bus.

Module: dbus

Layer: services

dbus_spec_session_domain( role_prefix , domain , entry_point )

Allow a application domain to be started by the specified session bus.

Module: dirmngr

Layer: services

dirmngr_role( role_prefix , user_domain , user_exec_domain , role )

Role access for dirmngr.

Module: djbdns

Layer: services

djbdns_daemontools_domain_template( domain_prefix )

The template to define a djbdns domain.

Module: docker

Layer: services

docker_user_role( role_prefix , user_domain , user_exec_domain , role )

Role access for rootless docker.

Module: evolution

Layer: apps

evolution_role( role_prefix , user_domain , user_exec_domain , role )

Role access for evolution.

Module: games

Layer: apps

games_role( role_prefix , user_domain , user_exec_domain , role )

Role access for games.

Module: git

Layer: services

git_client_role_template( role_prefix , user_domain , user_exec_domain , role )

Role access for Git client.

Module: git

Layer: services

git_role( role_prefix , user_domain , user_exec_domain , role )

Role access for Git session.

Module: gnome

Layer: apps

gnome_dbus_chat_gkeyringd( role_prefix , domain )

Send and receive messages from gnome keyring daemon over dbus.

Module: gnome

Layer: apps

gnome_role_template( role_prefix , user_domain , user_exec_domain , role )

The role template for gnome.

Module: gnome

Layer: apps

gnome_stream_connect_gkeyringd( role_prefix , domain )

Connect to gnome keyring daemon with a unix stream socket.

Module: gpg

Layer: apps

gpg_role( role_prefix , user_domain , user_exec_domain , role )

Role access for gpg.

Module: hadoop

Layer: services

hadoop_domain_template( domain_prefix )

The template to define a hadoop domain.

Module: hadoop

Layer: services

hadoop_role( role_prefix , user_domain , user_exec_domain , role )

Role access for hadoop.

Module: irc

Layer: apps

irc_role( role_prefix , user_domain , user_exec_domain , role )

Role access for IRC.

Module: jabber

Layer: services

jabber_domain_template( domain_prefix )

The template to define a jabber domain.

Module: java

Layer: apps

java_role( role_prefix , user_domain , user_exec_domain , role )

Role access for java.

Module: java

Layer: apps

java_role_template( role_prefix , user_domain , user_exec_domain , role )

The role template for the java module.

Module: libmtp

Layer: apps

libmtp_role( role_prefix , user_domain , user_exec_domain , role )

Role access for libmtp.

Module: likewise

Layer: services

likewise_domain_template( userdomain_prefix )

The template to define a likewise domain.

Module: lpd

Layer: services

lpd_role( role_prefix , user_domain , user_exec_domain , role )

Role access for lpd.

Module: mailman

Layer: services

mailman_domain_template( domain_prefix )

The template to define a mailman domain.

Module: milter

Layer: services

milter_template( domain_prefix )

The template to define a milter domain.

Module: mono

Layer: apps

mono_role_template( role_prefix , user_domain , user_exec_domain , role )

The role template for the mono module.

Module: mozilla

Layer: apps

mozilla_role( role_prefix , user_domain , user_exec_domain , role )

Role access for mozilla.

Module: mplayer

Layer: apps

mplayer_role( role_prefix , user_domain , user_exec_domain , role )

Role access for mplayer

Module: mta

Layer: services

mta_base_mail_template( domain_prefix )

The template to define a mail domain.

Module: mta

Layer: services

mta_role( role_prefix , user_domain , user_exec_domain , role )

Role access for mta.

Module: munin

Layer: services

munin_plugin_template( domain_prefix )

The template to define a munin plugin domain.

Module: nagios

Layer: services

nagios_plugin_template( domain_prefix )

The template to define a nagios plugin domain.

Module: obex

Layer: services

obex_role_template( role_prefix , user_role , user_domain )

The role template for obex.

Module: openoffice

Layer: apps

ooffice_role( role_prefix , user_domain , user_exec_domain , role )

Role access for openoffice.

Module: podman

Layer: services

podman_conmon_domain_template( prefix , source_domain )

Template for conmon domains.

Module: podman

Layer: services

podman_user_role( role_prefix , user_domain , user_exec_domain , role )

Role access for rootless podman.

Module: postfix

Layer: services

postfix_domain_template( domain_prefix )

The template to define a postfix domain.

Module: postfix

Layer: services

postfix_server_domain_template( domain_prefix )

The template to define a postfix server domain.

Module: postfix

Layer: services

postfix_user_domain_template( domain_prefix )

The template to define a postfix user domain.

Module: postgresql

Layer: services

postgresql_role( role_prefix , user_domain , user_exec_domain , role )

Role access for SE-PostgreSQL.

Module: pulseaudio

Layer: apps

pulseaudio_role( role_prefix , user_domain , user_exec_domain , role )

Role access for pulseaudio.

Module: pyzor

Layer: services

pyzor_role( role_prefix , user_domain , user_exec_domain , role )

Role access for pyzor.

Module: qemu

Layer: apps

qemu_domain_template( domain_prefix )

The template to define a qemu domain.

Module: qmail

Layer: services

qmail_child_domain_template( child_prefix , parent_domain )

Template for qmail parent/sub-domain pairs.

Module: razor

Layer: services

razor_common_domain_template( domain_prefix )

The template to define a razor domain.

Module: razor

Layer: services

razor_role( role_prefix , user_domain , user_exec_domain , role )

Role access for razor.

Module: rootlesskit

Layer: services

rootlesskit_role( role_prefix , user_domain , user_exec_domain , role )

Role access for rootlesskit.

Module: rpc

Layer: services

rpc_domain_template( domain_prefix )

The template to define a rpc domain.

Module: rssh

Layer: apps

rssh_role( role_prefix , user_domain , user_exec_domain , role )

Role access for rssh.

Module: samhain

Layer: admin

samhain_service_template( domain_prefix )

The template to define a samhain domain.

Module: screen

Layer: apps

screen_role_template( role_prefix , user_domain , user_exec_domain , user_role )

The role template for the screen module.

Module: shutdown

Layer: admin

shutdown_role( role_prefix , user_domain , user_exec_domain , role )

Role access for shutdown.

Module: spamassassin

Layer: services

spamassassin_role( role_prefix , user_domain , user_exec_domain , role )

Role access for spamassassin.

Module: ssh

Layer: services

ssh_basic_client_template( userdomain_prefix , user_domain , user_role )

Basic SSH client template.

Module: ssh

Layer: services

ssh_role_template( role_prefix , user_domain , user_exec_domain , role )

Role access for ssh

Module: ssh

Layer: services

ssh_server_template( userdomain_prefix )

The template to define a ssh server.

Module: su

Layer: admin

su_restricted_domain_template( userdomain_prefix , user_domain , user_role )

Restricted su domain template.

Module: su

Layer: admin

su_role_template( role_prefix , user_domain , user_exec_domain , role )

The role template for the su module.

Module: sudo

Layer: admin

sudo_role_template( role_prefix , user_domain , user_exec_domain , role )

The role template for the sudo module.

Module: syncthing

Layer: apps

syncthing_role( role_prefix , user_domain , user_exec_domain , role )

Role access for Syncthing

Module: systemd

Layer: system

systemd_read_user_manager_state( prefix , domain )

Read the process state (/proc/pid) of the specified systemd user instance.

Module: systemd

Layer: system

systemd_role_template( prefix , role , userdomain )

Template for systemd --user per-role domains.

Module: systemd

Layer: system

systemd_user_app_status( prefix , domain )

Allow the target domain to be monitored and have its output captured by the specified systemd user instance domain.

Module: systemd

Layer: system

systemd_user_daemon_domain( prefix , entry_point , domain )

Allow the specified domain to be started as a daemon by the specified systemd user instance.

Module: systemd

Layer: system

systemd_user_manager_dbus_chat( prefix , domain )

Send and receive messages from the specified systemd user instance over dbus.

Module: systemd

Layer: system

systemd_user_manager_system_start( prefix , domain )

Send a start request to the specified systemd user instance system object.

Module: systemd

Layer: system

systemd_user_manager_system_status( prefix , domain )

Get the status of the specified systemd user instance system object.

Module: systemd

Layer: system

systemd_user_manager_system_stop( prefix , domain )

Send a stop request to the specified systemd user instance system object.

Module: systemd

Layer: system

systemd_user_send_systemd_notify( prefix , domain )

Allow the target domain the permissions necessary to use systemd notify when started by the specified systemd user instance.

Module: telepathy

Layer: apps

telepathy_domain_template( domain_prefix )

The template to define a telepathy domain.

Module: telepathy

Layer: apps

telepathy_role_template( role_prefix , user_domain , user_exec_domain , role )

The role template for the telepathy module.

Module: thunderbird

Layer: apps

thunderbird_role( role_prefix , user_domain , user_exec_domain , role )

Role access for thunderbird.

Module: tvtime

Layer: apps

tvtime_role( role_prefix , user_domain , user_exec_domain , role )

Role access for tvtime

Module: uml

Layer: apps

uml_role( role_prefix , user_domain , user_exec_domain , role )

Role access for uml.

Module: userdomain

Layer: system

userdom_admin_user_template( userdomain_prefix )

The template for creating an administrative user.

Module: userdomain

Layer: system

userdom_base_user_template( userdomain_prefix )

The template containing the most basic rules common to all users.

Module: userdomain

Layer: system

userdom_basic_networking_template( userdomain_prefix )

The template allowing the user basic network permissions

Module: userdomain

Layer: system

userdom_change_password_template( userdomain_prefix )

The template for allowing the user to change passwords.

Module: userdomain

Layer: system

userdom_common_user_template( userdomain_prefix )

The template containing rules common to unprivileged users and administrative users.

Module: userdomain

Layer: system

userdom_login_user_template( userdomain_prefix )

The template for creating a login user.

Module: userdomain

Layer: system

userdom_restricted_user_template( userdomain_prefix )

The template for creating a unprivileged login user.

Module: userdomain

Layer: system

userdom_restricted_xwindows_user_template( userdomain_prefix )

The template for creating a unprivileged xwindows login user.

Module: userdomain

Layer: system

userdom_unpriv_user_template( userdomain_prefix )

The template for creating a unprivileged user roughly equivalent to a regular linux user.

Module: userdomain

Layer: system

userdom_user_content_access_template( prefix , domain )

Template for handling user content through standard tunables

Module: userdomain

Layer: system

userdom_xdg_user_template( domain )

Allow user to interact with xdg content types

Module: userhelper

Layer: apps

userhelper_role_template( role_prefix , user_domain , user_exec_domain , role )

The role template for the userhelper module.

Module: virt

Layer: services

virt_domain_template( domain_prefix )

The template to define a virt domain.

Module: vmware

Layer: apps

vmware_role( role_prefix , user_domain , user_exec_domain , role )

Role access for vmware.

Module: wine

Layer: apps

wine_role( role_prefix , user_domain , user_exec_domain , role )

Role access for wine.

Module: wine

Layer: apps

wine_role_template( role_prefix , user_domain , user_exec_domain , role )

The role template for the wine module.

Module: wireshark

Layer: apps

wireshark_role( role_prefix , user_domain , user_exec_domain , role )

Role access for wireshark.

Module: wm

Layer: apps

wm_dbus_chat( role_prefix , domain )

Send and receive messages from specified wm over dbus.

Module: wm

Layer: apps

wm_role_template( role_prefix , user_domain , user_exec_domain , role )

The role template for the wm module.

Module: wm

Layer: apps

wm_write_pipes( role_prefix , domain )

Write wm unnamed pipes.

Module: xscreensaver

Layer: apps

xscreensaver_role( role_prefix , user_domain , user_exec_domain , role )

Role access for xscreensaver.

Module: xserver

Layer: services

xserver_common_x_domain_template( prefix , domain )

Interface to provide X object permissions on a given X server to an X client domain. Provides the minimal set required by a basic X client application.

Module: xserver

Layer: services

xserver_object_types_template( prefix )

Template for creating the set of types used in an X windows domain.

Module: xserver

Layer: services

xserver_restricted_role( role_prefix , user_domain , user_exec_domain , role )

Rules required for using the X Windows server and environment, for restricted users.

Module: xserver

Layer: services

xserver_role( role_prefix , user_domain , user_exec_domain , role )

Rules required for using the X Windows server and environment.

Module: xserver

Layer: services

xserver_user_x_domain_template( prefix , domain , tmpfs_type )

Interface to provide X object permissions on a given X server to an X client domain. Provides the minimal set required by a basic X client application.

Module: zarafa

Layer: services

zarafa_domain_template( domain_prefix )

The template to define a zarafa domain.