<html> <head> <title> Security Enhanced Linux Reference Policy </title> <style type="text/css" media="all">@import "style.css";</style> </head> <body> <div id="Header">Security Enhanced Linux Reference Policy</div> <div id="Content"> <a name="top"></a> <h1>Layer: roles</h1><p/> <h2>Module: unconfineduser</h2><p/> <a href=#tunables>Tunables</a> <a href=#interfaces>Interfaces</a> <h3>Description:</h3> <p>Unconfined user role</p> <hr> <a name="tunables"></a> <h3>Tunables: </h3> <a name="link_unconfined_chrome_sandbox_transition"></a> <div id="interface"> <div id="codeblock">unconfined_chrome_sandbox_transition</div> <div id="description"> <h5>Default value</h5> <p>false</p> 
<h5>Description</h5> <p> </p><p> Allow unconfined users to transition to the chrome sandbox domains when running chrome-sandbox. </p><p> </p> </div></div> <a name="link_unconfined_login"></a> <div id="interface"> <div id="codeblock">unconfined_login</div> <div id="description"> <h5>Default value</h5> <p>true</p> <h5>Description</h5> <p> </p><p> Allow a user to log in as an unconfined domain. </p><p> </p> </div></div> <a name="link_unconfined_mozilla_plugin_transition"></a> <div id="interface"> <div id="codeblock">unconfined_mozilla_plugin_transition</div> <div id="description"> <h5>Default value</h5> <p>false</p> <h5>Description</h5> <p> </p><p> Allow unconfined users to transition to the Mozilla plugin domain when running xulrunner plugin-container. </p><p> </p> </div></div> <a href=#top>Return</a> <a name="interfaces"></a> <h3>Interfaces: </h3> <a name="link_unconfined_attach_tun_iface"></a> <div id="interface"> <div id="codeblock"> <b>unconfined_attach_tun_iface</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Allow domain to attach to TUN devices created by unconfined_t users. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_unconfined_create_keys"></a> <div id="interface"> <div id="codeblock"> <b>unconfined_create_keys</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Create keys for the unconfined domain. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. 
</p> </td></tr> </table> </div> </div> <a name="link_unconfined_dbus_acquire_svc"></a> <div id="interface"> <div id="codeblock"> <b>unconfined_dbus_acquire_svc</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Create communication channel with unconfined domain over dbus. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_unconfined_dbus_chat"></a> <div id="interface"> <div id="codeblock"> <b>unconfined_dbus_chat</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Send and receive messages from unconfined_t over dbus. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_unconfined_dbus_connect"></a> <div id="interface"> <div id="codeblock"> <b>unconfined_dbus_connect</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Connect to the unconfined DBUS for service (acquire_svc). </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_unconfined_dbus_send"></a> <div id="interface"> <div id="codeblock"> <b>unconfined_dbus_send</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Send messages to the unconfined domain over dbus. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. 
</p> </td></tr> </table> </div> </div> <a name="link_unconfined_domtrans"></a> <div id="interface"> <div id="codeblock"> <b>unconfined_domtrans</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Transition to the unconfined domain. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_unconfined_domtrans_to"></a> <div id="interface"> <div id="codeblock"> <b>unconfined_domtrans_to</b>( domain , entry_file )<br> </div> <div id="description"> <h5>Summary</h5> <p> Allow unconfined to execute the specified program in the specified domain. </p> <h5>Description</h5> <p> </p><p> Allow unconfined to execute the specified program in the specified domain. </p><p> </p><p> This is an interface to support third party modules and its use is not allowed in upstream reference policy. </p><p> </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain to execute in. </p> </td></tr> <tr><td> entry_file </td><td> <p> Domain entry point file. </p> </td></tr> </table> </div> </div> <a name="link_unconfined_dontaudit_read_pipes"></a> <div id="interface"> <div id="codeblock"> <b>unconfined_dontaudit_read_pipes</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Do not audit attempts to read unconfined domain unnamed pipes. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. 
</p> </td></tr> </table> </div> </div> <a name="link_unconfined_dontaudit_rw_packet_sockets"></a> <div id="interface"> <div id="codeblock"> <b>unconfined_dontaudit_rw_packet_sockets</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Do not audit attempts to read or write unconfined domain packet sockets. </p> <h5>Description</h5> <p> </p><p> Do not audit attempts to read or write unconfined domain packet sockets. </p><p> </p><p> This interface was added due to a broken symptom. </p><p> </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain to not audit. </p> </td></tr> </table> </div> </div> <a name="link_unconfined_dontaudit_rw_pipes"></a> <div id="interface"> <div id="codeblock"> <b>unconfined_dontaudit_rw_pipes</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Do not audit attempts to read and write unconfined domain unnamed pipes. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain to not audit. </p> </td></tr> </table> </div> </div> <a name="link_unconfined_dontaudit_rw_stream"></a> <div id="interface"> <div id="codeblock"> <b>unconfined_dontaudit_rw_stream</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Do not audit attempts to read and write unconfined domain stream. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain to not audit. 
</p> </td></tr> </table> </div> </div> <a name="link_unconfined_dontaudit_rw_tcp_sockets"></a> <div id="interface"> <div id="codeblock"> <b>unconfined_dontaudit_rw_tcp_sockets</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Do not audit attempts to read or write unconfined domain tcp sockets. </p> <h5>Description</h5> <p> </p><p> Do not audit attempts to read or write unconfined domain tcp sockets. </p><p> </p><p> This interface was added due to a broken symptom in ldconfig. </p><p> </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain to not audit. </p> </td></tr> </table> </div> </div> <a name="link_unconfined_dontaudit_write_state"></a> <div id="interface"> <div id="codeblock"> <b>unconfined_dontaudit_write_state</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Do not audit attempts to write process information for unconfined processes. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_unconfined_getpgid"></a> <div id="interface"> <div id="codeblock"> <b>unconfined_getpgid</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Get the process group of unconfined. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. 
</p> </td></tr> </table> </div> </div> <a name="link_unconfined_ptrace"></a> <div id="interface"> <div id="codeblock"> <b>unconfined_ptrace</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Allow ptrace of unconfined domain </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_unconfined_read_pipes"></a> <div id="interface"> <div id="codeblock"> <b>unconfined_read_pipes</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Read unconfined domain unnamed pipes. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_unconfined_role_change"></a> <div id="interface"> <div id="codeblock"> <b>unconfined_role_change</b>( role )<br> </div> <div id="description"> <h5>Summary</h5> <p> Change to the unconfined role. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> role </td><td> <p> Role allowed access. </p> </td></tr> </table> </div> </div> <a name="link_unconfined_role_change_to"></a> <div id="interface"> <div id="codeblock"> <b>unconfined_role_change_to</b>( role )<br> </div> <div id="description"> <h5>Summary</h5> <p> Change from the unconfineduser role. </p> <h5>Description</h5> <p> </p><p> Change from the unconfineduser role to the specified role. </p><p> </p><p> This is an interface to support third party modules and its use is not allowed in upstream reference policy. </p><p> </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> role </td><td> <p> Role allowed access. 
</p> </td></tr> </table> </div> </div> <a name="link_unconfined_run"></a> <div id="interface"> <div id="codeblock"> <b>unconfined_run</b>( domain , role )<br> </div> <div id="description"> <h5>Summary</h5> <p> Execute specified programs in the unconfined domain. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> The type of the process performing this action. </p> </td></tr> <tr><td> role </td><td> <p> The role to allow the unconfined domain. </p> </td></tr> </table> </div> </div> <a name="link_unconfined_run_to"></a> <div id="interface"> <div id="codeblock"> <b>unconfined_run_to</b>( domain , entry_file )<br> </div> <div id="description"> <h5>Summary</h5> <p> Allow unconfined to execute the specified program in the specified domain. Allow the specified domain the unconfined role and use of unconfined user terminals. </p> <h5>Description</h5> <p> </p><p> Allow unconfined to execute the specified program in the specified domain. Allow the specified domain the unconfined role and use of unconfined user terminals. </p><p> </p><p> This is an interface to support third party modules and its use is not allowed in upstream reference policy. </p><p> </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain to execute in. </p> </td></tr> <tr><td> entry_file </td><td> <p> Domain entry point file. </p> </td></tr> </table> </div> </div> <a name="link_unconfined_rw_pipes"></a> <div id="interface"> <div id="codeblock"> <b>unconfined_rw_pipes</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Read and write unconfined domain unnamed pipes. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. 
</p> </td></tr> </table> </div> </div> <a name="link_unconfined_rw_shm"></a> <div id="interface"> <div id="codeblock"> <b>unconfined_rw_shm</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Read and write to unconfined shared memory. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> The type of the process performing this action. </p> </td></tr> </table> </div> </div> <a name="link_unconfined_set_rlimitnh"></a> <div id="interface"> <div id="codeblock"> <b>unconfined_set_rlimitnh</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Allow apps to set rlimits on unconfined user </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_unconfined_setsched"></a> <div id="interface"> <div id="codeblock"> <b>unconfined_setsched</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Allow apps to setsched on unconfined user </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_unconfined_shell_domtrans"></a> <div id="interface"> <div id="codeblock"> <b>unconfined_shell_domtrans</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Transition to the unconfined domain by executing a shell. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. 
</p> </td></tr> </table> </div> </div> <a name="link_unconfined_sigchld"></a> <div id="interface"> <div id="codeblock"> <b>unconfined_sigchld</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Send a SIGCHLD signal to the unconfined domain. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_unconfined_signal"></a> <div id="interface"> <div id="codeblock"> <b>unconfined_signal</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Send generic signals to the unconfined domain. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_unconfined_signull"></a> <div id="interface"> <div id="codeblock"> <b>unconfined_signull</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Send a SIGNULL signal to the unconfined domain. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_unconfined_stream_connect"></a> <div id="interface"> <div id="codeblock"> <b>unconfined_stream_connect</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Connect to the unconfined domain using a unix domain stream socket. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. 
</p> </td></tr> </table> </div> </div> <a name="link_unconfined_stub_role"></a> <div id="interface"> <div id="codeblock"> <b>unconfined_stub_role</b>( domain_prefix )<br> </div> <div id="description"> <h5>Summary</h5> <p> Stub unconfined role. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain_prefix </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_unconfined_transition"></a> <div id="interface"> <div id="codeblock"> <b>unconfined_transition</b>( domain , entrypoint )<br> </div> <div id="description"> <h5>Summary</h5> <p> Allow domain to transition to unconfined_t user </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> <tr><td> entrypoint </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_unconfined_typebounds"></a> <div id="interface"> <div id="codeblock"> <b>unconfined_typebounds</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> unconfined_t domain typebounds calling domain. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain to be typebound. </p> </td></tr> </table> </div> </div> <a name="link_unconfined_use_fds"></a> <div id="interface"> <div id="codeblock"> <b>unconfined_use_fds</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Inherit file descriptors from the unconfined domain. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. 
</p> </td></tr> </table> </div> </div> <a name="link_unconfined_write_keys"></a> <div id="interface"> <div id="codeblock"> <b>unconfined_write_keys</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Write keys for the unconfined domain. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a href=#top>Return</a> </div> </body> </html>