<html> <head> <title> Security Enhanced Linux Reference Policy </title> <style type="text/css" media="all">@import "style.css";</style> </head> <body> <div id="Header">Security Enhanced Linux Reference Policy</div> <div id="Content"> <a name="top"></a> <h1>Layer: system</h1><p/> <h2>Module: ipsec</h2><p/> <a href=#tunables>Tunables</a> <a href=#interfaces>Interfaces</a> <h3>Description:</h3> <p>TCP/IP encryption</p> <hr> <a name="tunables"></a> <h3>Tunables: </h3> <a name="link_racoon_read_shadow"></a> <div id="interface"> <div id="codeblock">racoon_read_shadow</div> <div id="description"> <h5>Default value</h5> <p>false</p> <h5>Description</h5> <p> Allow racoon to read shadow </p> </div></div> <a href=#top>Return</a> <a name="interfaces"></a> <h3>Interfaces: </h3> <a name="link_ipsec_domtrans"></a> <div id="interface"> <div id="codeblock"> <b>ipsec_domtrans</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Execute ipsec in the ipsec domain. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed to transition. </p> </td></tr> </table> </div> </div> <a name="link_ipsec_domtrans_mgmt"></a> <div id="interface"> <div id="codeblock"> <b>ipsec_domtrans_mgmt</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Execute ipsec in the ipsec mgmt domain. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. 
</p> </td></tr> </table> </div> </div> <a name="link_ipsec_domtrans_racoon"></a> <div id="interface"> <div id="codeblock"> <b>ipsec_domtrans_racoon</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Execute racoon in the racoon domain. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed to transition. </p> </td></tr> </table> </div> </div> <a name="link_ipsec_domtrans_setkey"></a> <div id="interface"> <div id="codeblock"> <b>ipsec_domtrans_setkey</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Execute setkey in the setkey domain. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed to transition. </p> </td></tr> </table> </div> </div> <a name="link_ipsec_exec_mgmt"></a> <div id="interface"> <div id="codeblock"> <b>ipsec_exec_mgmt</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Execute the IPSEC management program in the caller domain. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_ipsec_filetrans_key_file"></a> <div id="interface"> <div id="codeblock"> <b>ipsec_filetrans_key_file</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Allow the domain to create objects in /etc with the ipsec_key_file_t type. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. 
</p> </td></tr> </table> </div> </div> <a name="link_ipsec_getattr_key_sockets"></a> <div id="interface"> <div id="codeblock"> <b>ipsec_getattr_key_sockets</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Get the attributes of an IPSEC key socket. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_ipsec_kill"></a> <div id="interface"> <div id="codeblock"> <b>ipsec_kill</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Send ipsec a kill signal. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_ipsec_kill_mgmt"></a> <div id="interface"> <div id="codeblock"> <b>ipsec_kill_mgmt</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Send ipsec mgmt a kill signal. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_ipsec_manage_key_file"></a> <div id="interface"> <div id="codeblock"> <b>ipsec_manage_key_file</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Allow the domain to manage ipsec key files. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. 
</p> </td></tr> </table> </div> </div> <a name="link_ipsec_manage_pid"></a> <div id="interface"> <div id="codeblock"> <b>ipsec_manage_pid</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Create, read, write, and delete the IPSEC pid files. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_ipsec_match_default_spd"></a> <div id="interface"> <div id="codeblock"> <b>ipsec_match_default_spd</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Match the default SPD entry. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_ipsec_mgmt_dbus_chat"></a> <div id="interface"> <div id="codeblock"> <b>ipsec_mgmt_dbus_chat</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Send and receive messages from ipsec-mgmt over dbus. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_ipsec_mgmt_read_pid"></a> <div id="interface"> <div id="codeblock"> <b>ipsec_mgmt_read_pid</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Read the ipsec_mgmt_var_run_t files. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. 
</p> </td></tr> </table> </div> </div> <a name="link_ipsec_mgmt_systemctl"></a> <div id="interface"> <div id="codeblock"> <b>ipsec_mgmt_systemctl</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Execute strongswan in the ipsec_mgmt domain. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed to transition. </p> </td></tr> </table> </div> </div> <a name="link_ipsec_read_config"></a> <div id="interface"> <div id="codeblock"> <b>ipsec_read_config</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Read the IPSEC configuration. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_ipsec_read_pid"></a> <div id="interface"> <div id="codeblock"> <b>ipsec_read_pid</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Allow reading the IPSEC pid files. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_ipsec_run_racoon"></a> <div id="interface"> <div id="codeblock"> <b>ipsec_run_racoon</b>( domain , role )<br> </div> <div id="description"> <h5>Summary</h5> <p> Execute racoon and allow the specified role the racoon domain. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed to transition. </p> </td></tr> <tr><td> role </td><td> <p> Role allowed access. 
</p> </td></tr> </table> </div> </div> <a name="link_ipsec_run_setkey"></a> <div id="interface"> <div id="codeblock"> <b>ipsec_run_setkey</b>( domain , role )<br> </div> <div id="description"> <h5>Summary</h5> <p> Execute setkey and allow the specified role the setkey domain. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed to transition. </p> </td></tr> <tr><td> role </td><td> <p> Role allowed access. </p> </td></tr> </table> </div> </div> <a name="link_ipsec_rw_inherited_pipes"></a> <div id="interface"> <div id="codeblock"> <b>ipsec_rw_inherited_pipes</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Allow read/write access to ipsec pipes. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_ipsec_setcontext_default_spd"></a> <div id="interface"> <div id="codeblock"> <b>ipsec_setcontext_default_spd</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Set the context of a SPD entry to the default context. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_ipsec_signal"></a> <div id="interface"> <div id="codeblock"> <b>ipsec_signal</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Send ipsec a general signal. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. 
</p> </td></tr> </table> </div> </div> <a name="link_ipsec_signal_mgmt"></a> <div id="interface"> <div id="codeblock"> <b>ipsec_signal_mgmt</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Send ipsec mgmt a general signal. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_ipsec_signull"></a> <div id="interface"> <div id="codeblock"> <b>ipsec_signull</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Send ipsec a null signal. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_ipsec_signull_mgmt"></a> <div id="interface"> <div id="codeblock"> <b>ipsec_signull_mgmt</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Send ipsec mgmt a null signal. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_ipsec_stream_connect"></a> <div id="interface"> <div id="codeblock"> <b>ipsec_stream_connect</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Connect to IPSEC using a unix domain stream socket. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. 
</p> </td></tr> </table> </div> </div> <a name="link_ipsec_stream_connect_racoon"></a> <div id="interface"> <div id="codeblock"> <b>ipsec_stream_connect_racoon</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Connect to racoon using a unix domain stream socket. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_ipsec_write_pid"></a> <div id="interface"> <div id="codeblock"> <b>ipsec_write_pid</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Write the ipsec_var_run_t files. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a href=#top>Return</a> </div> </body> </html>