<html> <head> <title> Security Enhanced Linux Reference Policy </title> <style type="text/css" media="all">@import "style.css";</style> </head> <body> <div id="Header">Security Enhanced Linux Reference Policy</div> <div id='Menu'> <a href="admin.html">+ admin</a></br/> <div id='subitem'> </div> <a href="apps.html">+ apps</a></br/> <div id='subitem'> </div> <a href="contrib.html">+ contrib</a></br/> <div id='subitem'> </div> <a href="kernel.html">+ kernel</a></br/> <div id='subitem'> - <a href='kernel_corecommands.html'> corecommands</a><br/> - <a href='kernel_corenetwork.html'> corenetwork</a><br/> - <a href='kernel_devices.html'> devices</a><br/> - <a href='kernel_domain.html'> domain</a><br/> - <a href='kernel_files.html'> files</a><br/> - <a href='kernel_filesystem.html'> filesystem</a><br/> - <a href='kernel_kernel.html'> kernel</a><br/> - <a href='kernel_mcs.html'> mcs</a><br/> - <a href='kernel_mls.html'> mls</a><br/> - <a href='kernel_selinux.html'> selinux</a><br/> - <a href='kernel_storage.html'> storage</a><br/> - <a href='kernel_terminal.html'> terminal</a><br/> - <a href='kernel_ubac.html'> ubac</a><br/> - <a href='kernel_unlabelednet.html'> unlabelednet</a><br/> </div> <a href="roles.html">+ roles</a></br/> <div id='subitem'> </div> <a href="services.html">+ services</a></br/> <div id='subitem'> </div> <a href="system.html">+ system</a></br/> <div id='subitem'> </div> <br/><p/> <a href="global_booleans.html">* Global Booleans </a> <br/><p/> <a href="global_tunables.html">* Global Tunables </a> <p/><br/><p/> <a href="index.html">* Layer Index</a> <br/><p/> <a href="booleans.html">* Boolean Index</a> <br/><p/> <a href="tunables.html">* Tunable Index</a> <br/><p/> <a href="interfaces.html">* Interface Index</a> <br/><p/> <a href="templates.html">* Template Index</a> </div> <div id="Content"> <a name="top":></a> <h1>Layer: kernel</h1><p/> <h2>Module: ubac</h2><p/> <a href=#interfaces>Interfaces</a> <h3>Description:</h3> <p><p>User-based access control policy</p></p> <p>This module is required to be included in all policies.</p> <hr> <a name="interfaces"></a> <h3>Interfaces: </h3> <a name="link_ubac_constrained"></a> <div id="interface"> <div id="codeblock"> <b>ubac_constrained</b>( type )<br> </div> <div id="description"> <h5>Summary</h5> <p> Constrain by user-based access control (UBAC). </p> <h5>Description</h5> <p> </p><p> Constrain the specified type by user-based access control (UBAC). Typically, these are user processes or user files that need to be differentiated by SELinux user. Normally this does not include administrative or privileged programs. For the UBAC rules to be enforced, both the subject (source) type and the object (target) types must be UBAC constrained. </p><p> </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> type </td><td> <p> Type to be constrained by UBAC. </p> </td></tr> </table> </div> </div> <a name="link_ubac_db_exempt"></a> <div id="interface"> <div id="codeblock"> <b>ubac_db_exempt</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Exempt user-based access control for databases. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain to be exempted. </p> </td></tr> </table> </div> </div> <a name="link_ubac_dbus_exempt"></a> <div id="interface"> <div id="codeblock"> <b>ubac_dbus_exempt</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Exempt user-based access control for dbus. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain to be exempted. </p> </td></tr> </table> </div> </div> <a name="link_ubac_fd_exempt"></a> <div id="interface"> <div id="codeblock"> <b>ubac_fd_exempt</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Exempt user-based access control for file descriptors. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain to be exempted. </p> </td></tr> </table> </div> </div> <a name="link_ubac_file_exempt"></a> <div id="interface"> <div id="codeblock"> <b>ubac_file_exempt</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Exempt user-based access control for files. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain to be exempted. </p> </td></tr> </table> </div> </div> <a name="link_ubac_key_exempt"></a> <div id="interface"> <div id="codeblock"> <b>ubac_key_exempt</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Exempt user-based access control for keys. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain to be exempted. </p> </td></tr> </table> </div> </div> <a name="link_ubac_process_exempt"></a> <div id="interface"> <div id="codeblock"> <b>ubac_process_exempt</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Exempt user-based access control for processes. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain to be exempted. </p> </td></tr> </table> </div> </div> <a name="link_ubac_socket_exempt"></a> <div id="interface"> <div id="codeblock"> <b>ubac_socket_exempt</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Exempt user-based access control for sockets. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain to be exempted. </p> </td></tr> </table> </div> </div> <a name="link_ubac_sysvipc_exempt"></a> <div id="interface"> <div id="codeblock"> <b>ubac_sysvipc_exempt</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Exempt user-based access control for SysV IPC. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain to be exempted. </p> </td></tr> </table> </div> </div> <a name="link_ubac_xwin_exempt"></a> <div id="interface"> <div id="codeblock"> <b>ubac_xwin_exempt</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Exempt user-based access control for X Windows. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain to be exempted. </p> </td></tr> </table> </div> </div> <a href=#top>Return</a> </div> </body> </html>