<html> <head> <title> Security Enhanced Linux Reference Policy </title> <style type="text/css" media="all">@import "style.css";</style> </head> <body> <div id="Header">Security Enhanced Linux Reference Policy</div> <div id='Menu'> <a href="admin.html">+ admin</a></br/> <div id='subitem'> </div> <a href="apps.html">+ apps</a></br/> <div id='subitem'> </div> <a href="contrib.html">+ contrib</a></br/> <div id='subitem'> </div> <a href="kernel.html">+ kernel</a></br/> <div id='subitem'> </div> <a href="roles.html">+ roles</a></br/> <div id='subitem'> - <a href='roles_auditadm.html'> auditadm</a><br/> - <a href='roles_logadm.html'> logadm</a><br/> - <a href='roles_secadm.html'> secadm</a><br/> - <a href='roles_staff.html'> staff</a><br/> - <a href='roles_sysadm.html'> sysadm</a><br/> - <a href='roles_sysadm_secadm.html'> sysadm_secadm</a><br/> - <a href='roles_unconfineduser.html'> unconfineduser</a><br/> - <a href='roles_unprivuser.html'> unprivuser</a><br/> </div> <a href="services.html">+ services</a></br/> <div id='subitem'> </div> <a href="system.html">+ system</a></br/> <div id='subitem'> </div> <br/><p/> <a href="global_booleans.html">* Global Booleans </a> <br/><p/> <a href="global_tunables.html">* Global Tunables </a> <p/><br/><p/> <a href="index.html">* Layer Index</a> <br/><p/> <a href="booleans.html">* Boolean Index</a> <br/><p/> <a href="tunables.html">* Tunable Index</a> <br/><p/> <a href="interfaces.html">* Interface Index</a> <br/><p/> <a href="templates.html">* Template Index</a> </div> <div id="Content"> <a name="top":></a> <h1>Layer: roles</h1><p/> <h2>Module: sysadm</h2><p/> <a href=#interfaces>Interfaces</a> <h3>Description:</h3> <p><p>General system administration role</p></p> <hr> <a name="interfaces"></a> <h3>Interfaces: </h3> <a name="link_sysadm_bin_spec_domtrans"></a> <div id="interface"> <div id="codeblock"> <b>sysadm_bin_spec_domtrans</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Execute a generic bin program in the sysadm domain. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_sysadm_bin_spec_domtrans_to"></a> <div id="interface"> <div id="codeblock"> <b>sysadm_bin_spec_domtrans_to</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Allow sysadm to execute a generic bin program in a specified domain. This is an explicit transition, requiring the caller to use setexeccon(). </p> <h5>Description</h5> <p> </p><p> Allow sysadm to execute a generic bin program in a specified domain. </p><p> </p><p> This is a interface to support third party modules and its use is not allowed in upstream reference policy. </p><p> </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain to execute in. </p> </td></tr> </table> </div> </div> <a name="link_sysadm_entry_spec_domtrans"></a> <div id="interface"> <div id="codeblock"> <b>sysadm_entry_spec_domtrans</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Execute all entrypoint files in the sysadm domain. This is an explicit transition, requiring the caller to use setexeccon(). </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_sysadm_entry_spec_domtrans_to"></a> <div id="interface"> <div id="codeblock"> <b>sysadm_entry_spec_domtrans_to</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Allow sysadm to execute all entrypoint files in a specified domain. This is an explicit transition, requiring the caller to use setexeccon(). </p> <h5>Description</h5> <p> </p><p> Allow sysadm to execute all entrypoint files in a specified domain. This is an explicit transition, requiring the caller to use setexeccon(). </p><p> </p><p> This is a interface to support third party modules and its use is not allowed in upstream reference policy. </p><p> </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_sysadm_role_change"></a> <div id="interface"> <div id="codeblock"> <b>sysadm_role_change</b>( role )<br> </div> <div id="description"> <h5>Summary</h5> <p> Change to the system administrator role. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> role </td><td> <p> Role allowed access. </p> </td></tr> </table> </div> </div> <a name="link_sysadm_role_change_to"></a> <div id="interface"> <div id="codeblock"> <b>sysadm_role_change_to</b>( role )<br> </div> <div id="description"> <h5>Summary</h5> <p> Change from the system administrator role. </p> <h5>Description</h5> <p> </p><p> Change from the system administrator role to the specified role. </p><p> </p><p> This is an interface to support third party modules and its use is not allowed in upstream reference policy. </p><p> </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> role </td><td> <p> Role allowed access. </p> </td></tr> </table> </div> </div> <a name="link_sysadm_rw_pipes"></a> <div id="interface"> <div id="codeblock"> <b>sysadm_rw_pipes</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Read and write sysadm user unnamed pipes. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_sysadm_shell_domtrans"></a> <div id="interface"> <div id="codeblock"> <b>sysadm_shell_domtrans</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Execute a shell in the sysadm domain. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_sysadm_sigchld"></a> <div id="interface"> <div id="codeblock"> <b>sysadm_sigchld</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Send a SIGCHLD signal to sysadm users. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_sysadm_stub"></a> <div id="interface"> <div id="codeblock"> <b>sysadm_stub</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> sysadm stub interface. No access allowed. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access </p> </td></tr> </table> </div> </div> <a name="link_sysadm_use_fds"></a> <div id="interface"> <div id="codeblock"> <b>sysadm_use_fds</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Inherit and use sysadm file descriptors </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a href=#top>Return</a> </div> </body> </html>