<html> <head> <title> Security Enhanced Linux Reference Policy </title> <style type="text/css" media="all">@import "style.css";</style> </head> <body> <div id="Header">Security Enhanced Linux Reference Policy</div> <div id='Menu'> <a href="admin.html">+ admin</a></br/> <div id='subitem'> </div> <a href="apps.html">+ apps</a></br/> <div id='subitem'> </div> <a href="contrib.html">+ contrib</a></br/> <div id='subitem'> </div> <a href="kernel.html">+ kernel</a></br/> <div id='subitem'> - <a href='kernel_corecommands.html'> corecommands</a><br/> - <a href='kernel_corenetwork.html'> corenetwork</a><br/> - <a href='kernel_devices.html'> devices</a><br/> - <a href='kernel_domain.html'> domain</a><br/> - <a href='kernel_files.html'> files</a><br/> - <a href='kernel_filesystem.html'> filesystem</a><br/> - <a href='kernel_kernel.html'> kernel</a><br/> - <a href='kernel_mcs.html'> mcs</a><br/> - <a href='kernel_mls.html'> mls</a><br/> - <a href='kernel_selinux.html'> selinux</a><br/> - <a href='kernel_storage.html'> storage</a><br/> - <a href='kernel_terminal.html'> terminal</a><br/> - <a href='kernel_ubac.html'> ubac</a><br/> - <a href='kernel_unlabelednet.html'> unlabelednet</a><br/> </div> <a href="roles.html">+ roles</a></br/> <div id='subitem'> </div> <a href="services.html">+ services</a></br/> <div id='subitem'> </div> <a href="system.html">+ system</a></br/> <div id='subitem'> </div> <br/><p/> <a href="global_booleans.html">* Global Booleans </a> <br/><p/> <a href="global_tunables.html">* Global Tunables </a> <p/><br/><p/> <a href="index.html">* Layer Index</a> <br/><p/> <a href="booleans.html">* Boolean Index</a> <br/><p/> <a href="tunables.html">* Tunable Index</a> <br/><p/> <a href="interfaces.html">* Interface Index</a> <br/><p/> <a href="templates.html">* Template Index</a> </div> <div id="Content"> <a name="top":></a> <h1>Layer: kernel</h1><p/> <h2>Module: domain</h2><p/> <a href=#tunables>Tunables</a> <a href=#interfaces>Interfaces</a> <h3>Description:</h3> <p><p>Core policy for domains.</p></p> <p>This module is required to be included in all policies.</p> <hr> <a name="tunables"></a> <h3>Tunables: </h3> <a name="link_domain_fd_use"></a> <div id="interface"> <div id="codeblock">domain_fd_use</div> <div id="description"> <h5>Default value</h5> <p>true</p> <h5>Description</h5> <p> </p><p> Allow all domains to use other domains file descriptors </p><p> </p> </div></div> <a name="link_domain_kernel_load_modules"></a> <div id="interface"> <div id="codeblock">domain_kernel_load_modules</div> <div id="description"> <h5>Default value</h5> <p>false</p> <h5>Description</h5> <p> </p><p> Allow all domains to have the kernel load modules </p><p> </p> </div></div> <a name="link_fips_mode"></a> <div id="interface"> <div id="codeblock">fips_mode</div> <div id="description"> <h5>Default value</h5> <p>true</p> <h5>Description</h5> <p> </p><p> Allow all domains to execute in fips_mode </p><p> </p> </div></div> <a name="link_mmap_low_allowed"></a> <div id="interface"> <div id="codeblock">mmap_low_allowed</div> <div id="description"> <h5>Default value</h5> <p>false</p> <h5>Description</h5> <p> </p><p> Control the ability to mmap a low area of the address space, as configured by /proc/sys/vm/mmap_min_addr. </p><p> </p> </div></div> <a href=#top>Return</a> <a name="interfaces"></a> <h3>Interfaces: </h3> <a name="link_domain_all_recvfrom_all_domains"></a> <div id="interface"> <div id="codeblock"> <b>domain_all_recvfrom_all_domains</b>( type )<br> </div> <div id="description"> <h5>Summary</h5> <p> Allow specified type to receive labeled networking packets from all domains, over all protocols (TCP, UDP, etc) </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> type </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_domain_base_type"></a> <div id="interface"> <div id="codeblock"> <b>domain_base_type</b>( type )<br> </div> <div id="description"> <h5>Summary</h5> <p> Make the specified type usable as a basic domain. </p> <h5>Description</h5> <p> </p><p> Make the specified type usable as a basic domain. </p><p> </p><p> This is primarily used for kernel threads; generally the domain_type() interface is more appropriate for userland processes. </p><p> </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> type </td><td> <p> Type to be used as a basic domain type. </p> </td></tr> </table> </div> </div> <a name="link_domain_cron_exemption_source"></a> <div id="interface"> <div id="codeblock"> <b>domain_cron_exemption_source</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Make the specified domain the source of the cron domain exception of the SELinux role and identity change constraints. </p> <h5>Description</h5> <p> </p><p> Make the specified domain the source of the cron domain exception of the SELinux role and identity change constraints. </p><p> </p><p> This interface is needed to decouple the cron domains from the base module. It should not be used other than on cron domains. </p><p> </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain target for user exemption. </p> </td></tr> </table> </div> </div> <a name="link_domain_cron_exemption_target"></a> <div id="interface"> <div id="codeblock"> <b>domain_cron_exemption_target</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Make the specified domain the target of the cron domain exception of the SELinux role and identity change constraints. </p> <h5>Description</h5> <p> </p><p> Make the specified domain the target of the cron domain exception of the SELinux role and identity change constraints. </p><p> </p><p> This interface is needed to decouple the cron domains from the base module. It should not be used other than on user cron jobs. </p><p> </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain target for user exemption. </p> </td></tr> </table> </div> </div> <a name="link_domain_destroy_all_semaphores"></a> <div id="interface"> <div id="codeblock"> <b>domain_destroy_all_semaphores</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Destroy all domains semaphores </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_domain_dontaudit_access_check"></a> <div id="interface"> <div id="codeblock"> <b>domain_dontaudit_access_check</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Do not audit attempts to access check /proc </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain to not audit. </p> </td></tr> </table> </div> </div> <a name="link_domain_dontaudit_exec_all_entry_files"></a> <div id="interface"> <div id="codeblock"> <b>domain_dontaudit_exec_all_entry_files</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> dontaudit checking for execute on all entry point files </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain to not audit. </p> </td></tr> </table> </div> </div> <a name="link_domain_dontaudit_getattr_all_dgram_sockets"></a> <div id="interface"> <div id="codeblock"> <b>domain_dontaudit_getattr_all_dgram_sockets</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Do not audit attempts to get the attributes of all domains unix datagram sockets. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain to not audit. </p> </td></tr> </table> </div> </div> <a name="link_domain_dontaudit_getattr_all_domains"></a> <div id="interface"> <div id="codeblock"> <b>domain_dontaudit_getattr_all_domains</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Do not audit attempts to get the attributes of all domains. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain to not audit. </p> </td></tr> </table> </div> </div> <a name="link_domain_dontaudit_getattr_all_entry_files"></a> <div id="interface"> <div id="codeblock"> <b>domain_dontaudit_getattr_all_entry_files</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Do not audit attempts to get the attributes of all entry point files. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain to not audit. </p> </td></tr> </table> </div> </div> <a name="link_domain_dontaudit_getattr_all_key_sockets"></a> <div id="interface"> <div id="codeblock"> <b>domain_dontaudit_getattr_all_key_sockets</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Do not audit attempts to get attribues of all domains IPSEC key management sockets. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain to not audit. </p> </td></tr> </table> </div> </div> <a name="link_domain_dontaudit_getattr_all_packet_sockets"></a> <div id="interface"> <div id="codeblock"> <b>domain_dontaudit_getattr_all_packet_sockets</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Do not audit attempts to get attribues of all domains packet sockets. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain to not audit. </p> </td></tr> </table> </div> </div> <a name="link_domain_dontaudit_getattr_all_pipes"></a> <div id="interface"> <div id="codeblock"> <b>domain_dontaudit_getattr_all_pipes</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Do not audit attempts to get the attributes of all domains unnamed pipes. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain to not audit. </p> </td></tr> </table> </div> </div> <a name="link_domain_dontaudit_getattr_all_raw_sockets"></a> <div id="interface"> <div id="codeblock"> <b>domain_dontaudit_getattr_all_raw_sockets</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Do not audit attempts to get attribues of all domains raw sockets. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain to not audit. </p> </td></tr> </table> </div> </div> <a name="link_domain_dontaudit_getattr_all_sockets"></a> <div id="interface"> <div id="codeblock"> <b>domain_dontaudit_getattr_all_sockets</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Do not audit attempts to get the attributes of all domains sockets, for all socket types. </p> <h5>Description</h5> <p> </p><p> Do not audit attempts to get the attributes of all domains sockets, for all socket types. </p><p> </p><p> This interface was added for PCMCIA cardmgr and is probably excessive. </p><p> </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain to not audit. </p> </td></tr> </table> </div> </div> <a name="link_domain_dontaudit_getattr_all_stream_sockets"></a> <div id="interface"> <div id="codeblock"> <b>domain_dontaudit_getattr_all_stream_sockets</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Do not audit attempts to get the attributes of all domains unix datagram sockets. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain to not audit. </p> </td></tr> </table> </div> </div> <a name="link_domain_dontaudit_getattr_all_tcp_sockets"></a> <div id="interface"> <div id="codeblock"> <b>domain_dontaudit_getattr_all_tcp_sockets</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Do not audit attempts to get the attributes of all domains TCP sockets. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain to not audit. </p> </td></tr> </table> </div> </div> <a name="link_domain_dontaudit_getattr_all_udp_sockets"></a> <div id="interface"> <div id="codeblock"> <b>domain_dontaudit_getattr_all_udp_sockets</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Do not audit attempts to get the attributes of all domains UDP sockets. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain to not audit. </p> </td></tr> </table> </div> </div> <a name="link_domain_dontaudit_getsession_all_domains"></a> <div id="interface"> <div id="codeblock"> <b>domain_dontaudit_getsession_all_domains</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Do not audit attempts to get the session ID of all domains. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain to not audit. </p> </td></tr> </table> </div> </div> <a name="link_domain_dontaudit_leaks"></a> <div id="interface"> <div id="codeblock"> <b>domain_dontaudit_leaks</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Do not audit attempts to read or write all leaked sockets. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain to not audit. </p> </td></tr> </table> </div> </div> <a name="link_domain_dontaudit_link_all_domains_keyrings"></a> <div id="interface"> <div id="codeblock"> <b>domain_dontaudit_link_all_domains_keyrings</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Dontaudit link of process kernel keyrings </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain to dontaudit. </p> </td></tr> </table> </div> </div> <a name="link_domain_dontaudit_list_all_domains_state"></a> <div id="interface"> <div id="codeblock"> <b>domain_dontaudit_list_all_domains_state</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Do not audit attempts to read the process state directories of all domains. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain to not audit. </p> </td></tr> </table> </div> </div> <a name="link_domain_dontaudit_ptrace_all_domains"></a> <div id="interface"> <div id="codeblock"> <b>domain_dontaudit_ptrace_all_domains</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Do not audit attempts to ptrace all domains. </p> <h5>Description</h5> <p> </p><p> Do not audit attempts to ptrace all domains. </p><p> </p><p> Generally this needs to be suppressed because procps tries to access /proc/pid/environ and this now triggers a ptrace check in recent kernels (2.4 and 2.6). </p><p> </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain to not audit. </p> </td></tr> </table> </div> </div> <a name="link_domain_dontaudit_ptrace_confined_domains"></a> <div id="interface"> <div id="codeblock"> <b>domain_dontaudit_ptrace_confined_domains</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Do not audit attempts to ptrace confined domains. </p> <h5>Description</h5> <p> </p><p> Do not audit attempts to ptrace confined domains. </p><p> </p><p> Generally this needs to be suppressed because procps tries to access /proc/pid/environ and this now triggers a ptrace check in recent kernels (2.4 and 2.6). </p><p> </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain to not audit. </p> </td></tr> </table> </div> </div> <a name="link_domain_dontaudit_read_all_domains_state"></a> <div id="interface"> <div id="codeblock"> <b>domain_dontaudit_read_all_domains_state</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Do not audit attempts to read the process state (/proc/pid) of all domains. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain to not audit. </p> </td></tr> </table> </div> </div> <a name="link_domain_dontaudit_rw_all_key_sockets"></a> <div id="interface"> <div id="codeblock"> <b>domain_dontaudit_rw_all_key_sockets</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Do not audit attempts to read or write all domains key sockets. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain to not audit. </p> </td></tr> </table> </div> </div> <a name="link_domain_dontaudit_rw_all_udp_sockets"></a> <div id="interface"> <div id="codeblock"> <b>domain_dontaudit_rw_all_udp_sockets</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Do not audit attempts to read or write all domains UDP sockets. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain to not audit. </p> </td></tr> </table> </div> </div> <a name="link_domain_dontaudit_search_all_domains_keyrings"></a> <div id="interface"> <div id="codeblock"> <b>domain_dontaudit_search_all_domains_keyrings</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Dontaudit search of process kernel keyrings </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain to dontaudit. </p> </td></tr> </table> </div> </div> <a name="link_domain_dontaudit_search_all_domains_state"></a> <div id="interface"> <div id="codeblock"> <b>domain_dontaudit_search_all_domains_state</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Do not audit attempts to search the process state directory (/proc/pid) of all domains. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain to not audit. </p> </td></tr> </table> </div> </div> <a name="link_domain_dontaudit_signal_all_domains"></a> <div id="interface"> <div id="codeblock"> <b>domain_dontaudit_signal_all_domains</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Do not audit attempts to send general signals to all domains. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain to not audit. </p> </td></tr> </table> </div> </div> <a name="link_domain_dontaudit_signull_all_domains"></a> <div id="interface"> <div id="codeblock"> <b>domain_dontaudit_signull_all_domains</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Do not audit attempts to send signulls to all domains. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain to not audit. </p> </td></tr> </table> </div> </div> <a name="link_domain_dontaudit_use_interactive_fds"></a> <div id="interface"> <div id="codeblock"> <b>domain_dontaudit_use_interactive_fds</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Do not audit attempts to inherit file descriptors from domains with interactive programs. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain to not audit. </p> </td></tr> </table> </div> </div> <a name="link_domain_dyntrans_type"></a> <div id="interface"> <div id="codeblock"> <b>domain_dyntrans_type</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Allow the specified domain to perform dynamic transitions. </p> <h5>Description</h5> <p> </p><p> Allow the specified domain to perform dynamic transitions. </p><p> </p><p> This violates process tranquility, and it is strongly suggested that this not be used. </p><p> </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_domain_entry_file"></a> <div id="interface"> <div id="codeblock"> <b>domain_entry_file</b>( domain , type )<br> </div> <div id="description"> <h5>Summary</h5> <p> Make the specified type usable as an entry point for the domain. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain to be entered. </p> </td></tr> <tr><td> type </td><td> <p> Type of program used for entering the domain. </p> </td></tr> </table> </div> </div> <a name="link_domain_entry_file_spec_domtrans"></a> <div id="interface"> <div id="codeblock"> <b>domain_entry_file_spec_domtrans</b>( domain , target_domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Execute an entry_type in the specified domain. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed to transition. </p> </td></tr> <tr><td> target_domain </td><td> <p> The type of the new process. </p> </td></tr> </table> </div> </div> <a name="link_domain_exec_all_entry_files"></a> <div id="interface"> <div id="codeblock"> <b>domain_exec_all_entry_files</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Execute the entry point files for all domains in the caller domain. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_domain_getattr_all_domains"></a> <div id="interface"> <div id="codeblock"> <b>domain_getattr_all_domains</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Get the attributes of all domains. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_domain_getattr_all_entry_files"></a> <div id="interface"> <div id="codeblock"> <b>domain_getattr_all_entry_files</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Get the attributes of entry point files for all domains. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_domain_getattr_all_pipes"></a> <div id="interface"> <div id="codeblock"> <b>domain_getattr_all_pipes</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Get the attributes of all domains unnamed pipes. </p> <h5>Description</h5> <p> </p><p> Get the attributes of all domains unnamed pipes. </p><p> </p><p> This is commonly used for domains that can use lsof on all domains. </p><p> </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_domain_getattr_all_sockets"></a> <div id="interface"> <div id="codeblock"> <b>domain_getattr_all_sockets</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Get the attributes of all domains sockets, for all socket types. </p> <h5>Description</h5> <p> </p><p> Get the attributes of all domains sockets, for all socket types. </p><p> </p><p> This is commonly used for domains that can use lsof on all domains. </p><p> </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_domain_getattr_all_stream_sockets"></a> <div id="interface"> <div id="codeblock"> <b>domain_getattr_all_stream_sockets</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Get the attributes of all domains unix datagram sockets. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_domain_getattr_confined_domains"></a> <div id="interface"> <div id="codeblock"> <b>domain_getattr_confined_domains</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Get the attributes of all confined domains. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_domain_getcap_all_domains"></a> <div id="interface"> <div id="codeblock"> <b>domain_getcap_all_domains</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Get the capability information of all domains. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_domain_getpgid_all_domains"></a> <div id="interface"> <div id="codeblock"> <b>domain_getpgid_all_domains</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Get the process group ID of all domains. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_domain_getsched_all_domains"></a> <div id="interface"> <div id="codeblock"> <b>domain_getsched_all_domains</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Get the scheduler information of all domains. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_domain_getsession_all_domains"></a> <div id="interface"> <div id="codeblock"> <b>domain_getsession_all_domains</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Get the session ID of all domains. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_domain_interactive_fd"></a> <div id="interface"> <div id="codeblock"> <b>domain_interactive_fd</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Make the file descriptors of the specified domain for interactive use (widely inheritable) </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_domain_ipsec_setcontext_all_domains"></a> <div id="interface"> <div id="codeblock"> <b>domain_ipsec_setcontext_all_domains</b>( type )<br> </div> <div id="description"> <h5>Summary</h5> <p> Allow specified type to set context of all domains IPSEC associations. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> type </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_domain_kill_all_domains"></a> <div id="interface"> <div id="codeblock"> <b>domain_kill_all_domains</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Send a kill signal to all domains. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_domain_manage_all_entry_files"></a> <div id="interface"> <div id="codeblock"> <b>domain_manage_all_entry_files</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Create, read, write, and delete all entrypoint files. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_domain_mmap_all_entry_files"></a> <div id="interface"> <div id="codeblock"> <b>domain_mmap_all_entry_files</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Mmap all entry point files as executable. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_domain_mmap_low"></a> <div id="interface"> <div id="codeblock"> <b>domain_mmap_low</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Ability to mmap a low area of the address space conditionally, as configured by /proc/sys/vm/mmap_min_addr. Preventing such mappings helps protect against exploiting null deref bugs in the kernel. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_domain_mmap_low_uncond"></a> <div id="interface"> <div id="codeblock"> <b>domain_mmap_low_uncond</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Ability to mmap a low area of the address space unconditionally, as configured by /proc/sys/vm/mmap_min_addr. Preventing such mappings helps protect against exploiting null deref bugs in the kernel. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_domain_named_filetrans"></a> <div id="interface"> <div id="codeblock"> <b>domain_named_filetrans</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Named Filetrans Domain. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_domain_obj_id_change_exemption"></a> <div id="interface"> <div id="codeblock"> <b>domain_obj_id_change_exemption</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Makes caller an exception to the constraint preventing changing the user identity in object contexts. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> The process type to make an exception to the constraint. </p> </td></tr> </table> </div> </div> <a name="link_domain_ptrace_all_domains"></a> <div id="interface"> <div id="codeblock"> <b>domain_ptrace_all_domains</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Ptrace all domains. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_domain_read_all_domains_state"></a> <div id="interface"> <div id="codeblock"> <b>domain_read_all_domains_state</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Read the process state (/proc/pid) of all domains. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_domain_read_all_entry_files"></a> <div id="interface"> <div id="codeblock"> <b>domain_read_all_entry_files</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Read the entry point files for all domains. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_domain_read_confined_domains_state"></a> <div id="interface"> <div id="codeblock"> <b>domain_read_confined_domains_state</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Read the process state (/proc/pid) of all confined domains. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_domain_relabel_all_entry_files"></a> <div id="interface"> <div id="codeblock"> <b>domain_relabel_all_entry_files</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Relabel to and from all entry point file types. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_domain_relabelfrom"></a> <div id="interface"> <div id="codeblock"> <b>domain_relabelfrom</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Relabel from domain types on files if a user managed to mislable </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_domain_role_change_exemption"></a> <div id="interface"> <div id="codeblock"> <b>domain_role_change_exemption</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Makes caller an exception to the constraint preventing changing of role. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> The process type to make an exception to the constraint. </p> </td></tr> </table> </div> </div> <a name="link_domain_search_all_domains_state"></a> <div id="interface"> <div id="codeblock"> <b>domain_search_all_domains_state</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Search the process state directory (/proc/pid) of all domains. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_domain_setpriority_all_domains"></a> <div id="interface"> <div id="codeblock"> <b>domain_setpriority_all_domains</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Set the nice level of all domains. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_domain_setrlimit_all_domains"></a> <div id="interface"> <div id="codeblock"> <b>domain_setrlimit_all_domains</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Allow set resource limits to all domains. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_domain_sigchld_all_domains"></a> <div id="interface"> <div id="codeblock"> <b>domain_sigchld_all_domains</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Send a child terminated signal to all domains. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_domain_sigchld_interactive_fds"></a> <div id="interface"> <div id="codeblock"> <b>domain_sigchld_interactive_fds</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Send a SIGCHLD signal to domains whose file discriptors are widely inheritable. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_domain_signal_all_domains"></a> <div id="interface"> <div id="codeblock"> <b>domain_signal_all_domains</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Send general signals to all domains. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_domain_signull_all_domains"></a> <div id="interface"> <div id="codeblock"> <b>domain_signull_all_domains</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Send a null signal to all domains. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_domain_sigstop_all_domains"></a> <div id="interface"> <div id="codeblock"> <b>domain_sigstop_all_domains</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Send a stop signal to all domains. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_domain_stub_named_filetrans_domain"></a> <div id="interface"> <div id="codeblock"> <b>domain_stub_named_filetrans_domain</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> named_filetrans_domain stub attribute interface. No access allowed. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access </p> </td></tr> </table> </div> </div> <a name="link_domain_subj_id_change_exemption"></a> <div id="interface"> <div id="codeblock"> <b>domain_subj_id_change_exemption</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Makes caller an exception to the constraint preventing changing of user identity. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> The process type to make an exception to the constraint. </p> </td></tr> </table> </div> </div> <a name="link_domain_system_change_exemption"></a> <div id="interface"> <div id="codeblock"> <b>domain_system_change_exemption</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Makes caller and execption to the constraint preventing changing to the system user identity and system role. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_domain_transition_all"></a> <div id="interface"> <div id="codeblock"> <b>domain_transition_all</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Allow caller to transition to any domain </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_domain_type"></a> <div id="interface"> <div id="codeblock"> <b>domain_type</b>( type )<br> </div> <div id="description"> <h5>Summary</h5> <p> Make the specified type usable as a domain. </p> <h5>Description</h5> <p> </p><p> Make the specified type usable as a domain. This, or an interface that calls this interface, must be used on all types that are used as domains. </p><p> </p><p> Related interfaces: </p><p> </p><ul><p> </p><li><p>application_domain()</p></li><p> </p><li><p>init_daemon_domain()</p></li><p> </p><li><p>init_domaion()</p></li><p> </p><li><p>init_ranged_daemon_domain()</p></li><p> </p><li><p>init_ranged_domain()</p></li><p> </p><li><p>init_ranged_system_domain()</p></li><p> </p><li><p>init_script_domain()</p></li><p> </p><li><p>init_system_domain()</p></li><p> </p></ul><p> </p><p> Example: </p><p> </p><p> type mydomain_t; domain_type(mydomain_t) type myfile_t; files_type(myfile_t) allow mydomain_t myfile_t:file read_file_perms; </p><p> </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> type </td><td> <p> Type to be used as a domain type. </p> </td></tr> </table> </div> </div> <a name="link_domain_unconfined"></a> <div id="interface"> <div id="codeblock"> <b>domain_unconfined</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Unconfined access to domains. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_domain_unconfined_signal"></a> <div id="interface"> <div id="codeblock"> <b>domain_unconfined_signal</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Send generic signals to the unconfined domain. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_domain_use_interactive_fds"></a> <div id="interface"> <div id="codeblock"> <b>domain_use_interactive_fds</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Inherit and use file descriptors from domains with interactive programs. </p> <h5>Description</h5> <p> </p><p> Allow the specified domain to inherit and use file descriptors from domains with interactive programs. This does not allow access to the objects being referenced by the file descriptors. </p><p> </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_domain_user_exemption_target"></a> <div id="interface"> <div id="codeblock"> <b>domain_user_exemption_target</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Make the specified domain the target of the user domain exception of the SELinux role and identity change constraints. </p> <h5>Description</h5> <p> </p><p> Make the specified domain the target of the user domain exception of the SELinux role and identity change constraints. </p><p> </p><p> This interface is needed to decouple the user domains from the base module. It should not be used other than on user domains. </p><p> </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain target for user exemption. </p> </td></tr> </table> </div> </div> <a href=#top>Return</a> </div> </body> </html>