<html> <head> <title> Security Enhanced Linux Reference Policy </title> <style type="text/css" media="all">@import "style.css";</style> </head> <body> <div id="Header">Security Enhanced Linux Reference Policy</div> <div id='Menu'> <a href="admin.html">+ admin</a></br/> <div id='subitem'> </div> <a href="apps.html">+ apps</a></br/> <div id='subitem'> </div> <a href="contrib.html">+ contrib</a></br/> <div id='subitem'> </div> <a href="kernel.html">+ kernel</a></br/> <div id='subitem'> - <a href='kernel_corecommands.html'> corecommands</a><br/> - <a href='kernel_corenetwork.html'> corenetwork</a><br/> - <a href='kernel_devices.html'> devices</a><br/> - <a href='kernel_domain.html'> domain</a><br/> - <a href='kernel_files.html'> files</a><br/> - <a href='kernel_filesystem.html'> filesystem</a><br/> - <a href='kernel_kernel.html'> kernel</a><br/> - <a href='kernel_mcs.html'> mcs</a><br/> - <a href='kernel_mls.html'> mls</a><br/> - <a href='kernel_selinux.html'> selinux</a><br/> - <a href='kernel_storage.html'> storage</a><br/> - <a href='kernel_terminal.html'> terminal</a><br/> - <a href='kernel_ubac.html'> ubac</a><br/> - <a href='kernel_unlabelednet.html'> unlabelednet</a><br/> </div> <a href="roles.html">+ roles</a></br/> <div id='subitem'> </div> <a href="services.html">+ services</a></br/> <div id='subitem'> </div> <a href="system.html">+ system</a></br/> <div id='subitem'> </div> <br/><p/> <a href="global_booleans.html">* Global Booleans </a> <br/><p/> <a href="global_tunables.html">* Global Tunables </a> <p/><br/><p/> <a href="index.html">* Layer Index</a> <br/><p/> <a href="booleans.html">* Boolean Index</a> <br/><p/> <a href="tunables.html">* Tunable Index</a> <br/><p/> <a href="interfaces.html">* Interface Index</a> <br/><p/> <a href="templates.html">* Template Index</a> </div> <div id="Content"> <a name="top":></a> <h1>Layer: kernel</h1><p/> <h2>Module: corecommands</h2><p/> <a href=#interfaces>Interfaces</a> <h3>Description:</h3> <p><p> Core policy for shells, and generic programs in /bin, /sbin, /usr/bin, and /usr/sbin. </p></p> <p>This module is required to be included in all policies.</p> <hr> <a name="interfaces"></a> <h3>Interfaces: </h3> <a name="link_corecmd_bin_alias"></a> <div id="interface"> <div id="codeblock"> <b>corecmd_bin_alias</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Create a aliased type to generic bin files. (Deprecated) </p> <h5>Description</h5> <p> </p><p> Create a aliased type to generic bin files. (Deprecated) </p><p> </p><p> This is added to support targeted policy. Its use should be limited. It has no effect on the strict policy. </p><p> </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Alias type for bin_t. </p> </td></tr> </table> </div> </div> <a name="link_corecmd_bin_domtrans"></a> <div id="interface"> <div id="codeblock"> <b>corecmd_bin_domtrans</b>( domain , target_domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Execute a file in a bin directory in the specified domain. </p> <h5>Description</h5> <p> </p><p> Execute a file in a bin directory in the specified domain. This allows the specified domain to execute any file on these filesystems in the specified domain. This is not suggested. </p><p> </p><p> No interprocess communication (signals, pipes, etc.) is provided by this interface since the domains are not owned by this module. </p><p> </p><p> This interface was added to handle the ssh-agent policy. </p><p> </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed to transition. </p> </td></tr> <tr><td> target_domain </td><td> <p> The type of the new process. </p> </td></tr> </table> </div> </div> <a name="link_corecmd_bin_entry_type"></a> <div id="interface"> <div id="codeblock"> <b>corecmd_bin_entry_type</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Make general progams in bin an entrypoint for the specified domain. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> The domain for which bin_t is an entrypoint. </p> </td></tr> </table> </div> </div> <a name="link_corecmd_bin_filetrans"></a> <div id="interface"> <div id="codeblock"> <b>corecmd_bin_filetrans</b>( domain , file_type , object_class , name )<br> </div> <div id="description"> <h5>Summary</h5> <p> Create objects in the /bin directory </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> <tr><td> file_type </td><td> <p> The type of the object to be created </p> </td></tr> <tr><td> object_class </td><td> <p> The object class. </p> </td></tr> <tr><td> name </td><td> <p> The name of the object being created. </p> </td></tr> </table> </div> </div> <a name="link_corecmd_bin_spec_domtrans"></a> <div id="interface"> <div id="codeblock"> <b>corecmd_bin_spec_domtrans</b>( domain , target_domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Execute a file in a bin directory in the specified domain but do not do it automatically. This is an explicit transition, requiring the caller to use setexeccon(). </p> <h5>Description</h5> <p> </p><p> Execute a file in a bin directory in the specified domain. This allows the specified domain to execute any file on these filesystems in the specified domain. This is not suggested. </p><p> </p><p> No interprocess communication (signals, pipes, etc.) is provided by this interface since the domains are not owned by this module. </p><p> </p><p> This interface was added to handle the userhelper policy. </p><p> </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed to transition. </p> </td></tr> <tr><td> target_domain </td><td> <p> The type of the new process. </p> </td></tr> </table> </div> </div> <a name="link_corecmd_check_exec_shell"></a> <div id="interface"> <div id="codeblock"> <b>corecmd_check_exec_shell</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Check if a shell is executable (DAC-wise). </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_corecmd_dontaudit_access_all_executables"></a> <div id="interface"> <div id="codeblock"> <b>corecmd_dontaudit_access_all_executables</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Do not audit attempts to access check executable files. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain to not audit. </p> </td></tr> </table> </div> </div> <a name="link_corecmd_dontaudit_access_check_bin"></a> <div id="interface"> <div id="codeblock"> <b>corecmd_dontaudit_access_check_bin</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Do not audit attempts to access check bin files. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain to not audit. </p> </td></tr> </table> </div> </div> <a name="link_corecmd_dontaudit_exec_all_executables"></a> <div id="interface"> <div id="codeblock"> <b>corecmd_dontaudit_exec_all_executables</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Do not audit attempts to execute all executables. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain to not audit. </p> </td></tr> </table> </div> </div> <a name="link_corecmd_dontaudit_getattr_bin_files"></a> <div id="interface"> <div id="codeblock"> <b>corecmd_dontaudit_getattr_bin_files</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Get the attributes of files in bin directories. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain to not audit. </p> </td></tr> </table> </div> </div> <a name="link_corecmd_dontaudit_getattr_sbin_files"></a> <div id="interface"> <div id="codeblock"> <b>corecmd_dontaudit_getattr_sbin_files</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Do not audit attempts to get the attibutes of sbin files. (Deprecated) </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain to not audit. </p> </td></tr> </table> </div> </div> <a name="link_corecmd_dontaudit_search_bin"></a> <div id="interface"> <div id="codeblock"> <b>corecmd_dontaudit_search_bin</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Do not audit attempts to search the contents of bin directories. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain to not audit. </p> </td></tr> </table> </div> </div> <a name="link_corecmd_dontaudit_search_sbin"></a> <div id="interface"> <div id="codeblock"> <b>corecmd_dontaudit_search_sbin</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Do not audit attempts to search sbin directories. (Deprecated) </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain to not audit. </p> </td></tr> </table> </div> </div> <a name="link_corecmd_dontaudit_write_bin_dirs"></a> <div id="interface"> <div id="codeblock"> <b>corecmd_dontaudit_write_bin_dirs</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Do not audit attempts to write bin directories. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain to not audit. </p> </td></tr> </table> </div> </div> <a name="link_corecmd_dontaudit_write_bin_files"></a> <div id="interface"> <div id="codeblock"> <b>corecmd_dontaudit_write_bin_files</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Do not audit attempts to write bin files. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain to not audit. </p> </td></tr> </table> </div> </div> <a name="link_corecmd_dontaudit_write_sbin_dirs"></a> <div id="interface"> <div id="codeblock"> <b>corecmd_dontaudit_write_sbin_dirs</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Do not audit attempts to write sbin directories. (Deprecated) </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain to not audit. </p> </td></tr> </table> </div> </div> <a name="link_corecmd_entrypoint_all_executables"></a> <div id="interface"> <div id="codeblock"> <b>corecmd_entrypoint_all_executables</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Read all executable files. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_corecmd_exec_all_executables"></a> <div id="interface"> <div id="codeblock"> <b>corecmd_exec_all_executables</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Execute all executable files. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_corecmd_exec_bin"></a> <div id="interface"> <div id="codeblock"> <b>corecmd_exec_bin</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Execute generic programs in bin directories, in the caller domain. </p> <h5>Description</h5> <p> </p><p> Allow the specified domain to execute generic programs in system bin directories (/bin, /sbin, /usr/bin, /usr/sbin) a without domain transition. </p><p> </p><p> Typically, this interface should be used when the domain executes general system progams within the privileges of the source domain. Some examples of these programs are ls, cp, sed, python, and tar. This does not include shells, such as bash. </p><p> </p><p> Related interface: </p><p> </p><ul><p> </p><li><p>corecmd_exec_shell()</p></li><p> </p></ul><p> </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_corecmd_exec_chroot"></a> <div id="interface"> <div id="codeblock"> <b>corecmd_exec_chroot</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Execute chroot in the caller domain. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_corecmd_exec_ls"></a> <div id="interface"> <div id="codeblock"> <b>corecmd_exec_ls</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Execute ls in the caller domain. (Deprecated) </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_corecmd_exec_sbin"></a> <div id="interface"> <div id="codeblock"> <b>corecmd_exec_sbin</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Execute generic programs in sbin directories, in the caller domain. (Deprecated) </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_corecmd_exec_shell"></a> <div id="interface"> <div id="codeblock"> <b>corecmd_exec_shell</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Execute shells in the caller domain. </p> <h5>Description</h5> <p> </p><p> Allow the specified domain to execute shells without a domain transition. </p><p> </p><p> Typically, this interface should be used when the domain executes shells within the privileges of the source domain. Some examples of these programs are bash, tcsh, and zsh. </p><p> </p><p> Related interface: </p><p> </p><ul><p> </p><li><p>corecmd_exec_bin()</p></li><p> </p></ul><p> </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_corecmd_executable_file"></a> <div id="interface"> <div id="codeblock"> <b>corecmd_executable_file</b>( type )<br> </div> <div id="description"> <h5>Summary</h5> <p> Make the specified type usable for files that are exectuables, such as binary programs. This does not include shared libraries. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> type </td><td> <p> Type to be used for files. </p> </td></tr> </table> </div> </div> <a name="link_corecmd_getattr_all_executables"></a> <div id="interface"> <div id="codeblock"> <b>corecmd_getattr_all_executables</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Get the attributes of all executable files. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_corecmd_getattr_bin_files"></a> <div id="interface"> <div id="codeblock"> <b>corecmd_getattr_bin_files</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Get the attributes of files in bin directories. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_corecmd_getattr_sbin_files"></a> <div id="interface"> <div id="codeblock"> <b>corecmd_getattr_sbin_files</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Get the attributes of sbin files. (Deprecated) </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_corecmd_list_bin"></a> <div id="interface"> <div id="codeblock"> <b>corecmd_list_bin</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> List the contents of bin directories. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_corecmd_list_sbin"></a> <div id="interface"> <div id="codeblock"> <b>corecmd_list_sbin</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> List the contents of sbin directories. (Deprecated) </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_corecmd_manage_all_executables"></a> <div id="interface"> <div id="codeblock"> <b>corecmd_manage_all_executables</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Create, read, write, and all executable files. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_corecmd_manage_bin_files"></a> <div id="interface"> <div id="codeblock"> <b>corecmd_manage_bin_files</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Create, read, write, and delete bin files. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_corecmd_manage_sbin_files"></a> <div id="interface"> <div id="codeblock"> <b>corecmd_manage_sbin_files</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Create, read, write, and delete sbin files. (Deprecated) </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_corecmd_mmap_all_executables"></a> <div id="interface"> <div id="codeblock"> <b>corecmd_mmap_all_executables</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Mmap all executables as executable. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_corecmd_mmap_bin_files"></a> <div id="interface"> <div id="codeblock"> <b>corecmd_mmap_bin_files</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Mmap a bin file as executable. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_corecmd_mmap_sbin_files"></a> <div id="interface"> <div id="codeblock"> <b>corecmd_mmap_sbin_files</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Mmap a sbin file as executable. (Deprecated) </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_corecmd_read_all_executables"></a> <div id="interface"> <div id="codeblock"> <b>corecmd_read_all_executables</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Read all executable files. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_corecmd_read_bin_files"></a> <div id="interface"> <div id="codeblock"> <b>corecmd_read_bin_files</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Read files in bin directories. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_corecmd_read_bin_pipes"></a> <div id="interface"> <div id="codeblock"> <b>corecmd_read_bin_pipes</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Read pipes in bin directories. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_corecmd_read_bin_sockets"></a> <div id="interface"> <div id="codeblock"> <b>corecmd_read_bin_sockets</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Read named sockets in bin directories. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_corecmd_read_bin_symlinks"></a> <div id="interface"> <div id="codeblock"> <b>corecmd_read_bin_symlinks</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Read symbolic links in bin directories. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_corecmd_read_sbin_files"></a> <div id="interface"> <div id="codeblock"> <b>corecmd_read_sbin_files</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Read files in sbin directories. (Deprecated) </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_corecmd_read_sbin_pipes"></a> <div id="interface"> <div id="codeblock"> <b>corecmd_read_sbin_pipes</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Read named pipes in sbin directories. (Deprecated) </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_corecmd_read_sbin_sockets"></a> <div id="interface"> <div id="codeblock"> <b>corecmd_read_sbin_sockets</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Read named sockets in sbin directories. (Deprecated) </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_corecmd_read_sbin_symlinks"></a> <div id="interface"> <div id="codeblock"> <b>corecmd_read_sbin_symlinks</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Read symbolic links in sbin directories. (Deprecated) </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_corecmd_relabel_all_executables"></a> <div id="interface"> <div id="codeblock"> <b>corecmd_relabel_all_executables</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Relabel to and from the bin type. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_corecmd_relabel_bin_files"></a> <div id="interface"> <div id="codeblock"> <b>corecmd_relabel_bin_files</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Relabel to and from the bin type. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_corecmd_relabel_sbin_files"></a> <div id="interface"> <div id="codeblock"> <b>corecmd_relabel_sbin_files</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Relabel to and from the sbin type. (Deprecated) </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_corecmd_sbin_domtrans"></a> <div id="interface"> <div id="codeblock"> <b>corecmd_sbin_domtrans</b>( domain , target_domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Execute a file in a sbin directory in the specified domain. (Deprecated) </p> <h5>Description</h5> <p> </p><p> Execute a file in a sbin directory in the specified domain. This allows the specified domain to execute any file on these filesystems in the specified domain. This is not suggested. (Deprecated) </p><p> </p><p> No interprocess communication (signals, pipes, etc.) is provided by this interface since the domains are not owned by this module. </p><p> </p><p> This interface was added to handle the ssh-agent policy. </p><p> </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed to transition. </p> </td></tr> <tr><td> target_domain </td><td> <p> The type of the new process. </p> </td></tr> </table> </div> </div> <a name="link_corecmd_sbin_entry_type"></a> <div id="interface"> <div id="codeblock"> <b>corecmd_sbin_entry_type</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Make general progams in sbin an entrypoint for the specified domain. (Deprecated) </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> The domain for which sbin programs are an entrypoint. </p> </td></tr> </table> </div> </div> <a name="link_corecmd_sbin_spec_domtrans"></a> <div id="interface"> <div id="codeblock"> <b>corecmd_sbin_spec_domtrans</b>( domain , target_domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Execute a file in a sbin directory in the specified domain but do not do it automatically. This is an explicit transition, requiring the caller to use setexeccon(). (Deprecated) </p> <h5>Description</h5> <p> </p><p> Execute a file in a sbin directory in the specified domain. This allows the specified domain to execute any file on these filesystems in the specified domain. This is not suggested. (Deprecated) </p><p> </p><p> No interprocess communication (signals, pipes, etc.) is provided by this interface since the domains are not owned by this module. </p><p> </p><p> This interface was added to handle the userhelper policy. </p><p> </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed to transition. </p> </td></tr> <tr><td> target_domain </td><td> <p> The type of the new process. </p> </td></tr> </table> </div> </div> <a name="link_corecmd_search_bin"></a> <div id="interface"> <div id="codeblock"> <b>corecmd_search_bin</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Search the contents of bin directories. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_corecmd_search_sbin"></a> <div id="interface"> <div id="codeblock"> <b>corecmd_search_sbin</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Search the contents of sbin directories. (Deprecated) </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_corecmd_shell_domtrans"></a> <div id="interface"> <div id="codeblock"> <b>corecmd_shell_domtrans</b>( domain , target_domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Execute a shell in the specified domain. </p> <h5>Description</h5> <p> </p><p> Execute a shell in the specified domain. </p><p> </p><p> No interprocess communication (signals, pipes, etc.) is provided by this interface since the domains are not owned by this module. </p><p> </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed to transition. </p> </td></tr> <tr><td> target_domain </td><td> <p> The type of the shell process. </p> </td></tr> </table> </div> </div> <a name="link_corecmd_shell_entry_type"></a> <div id="interface"> <div id="codeblock"> <b>corecmd_shell_entry_type</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Make the shell an entrypoint for the specified domain. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> The domain for which the shell is an entrypoint. </p> </td></tr> </table> </div> </div> <a name="link_corecmd_shell_spec_domtrans"></a> <div id="interface"> <div id="codeblock"> <b>corecmd_shell_spec_domtrans</b>( domain , target_domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Execute a shell in the target domain. This is an explicit transition, requiring the caller to use setexeccon(). </p> <h5>Description</h5> <p> </p><p> Execute a shell in the target domain. This is an explicit transition, requiring the caller to use setexeccon(). </p><p> </p><p> No interprocess communication (signals, pipes, etc.) is provided by this interface since the domains are not owned by this module. </p><p> </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed to transition. </p> </td></tr> <tr><td> target_domain </td><td> <p> The type of the shell process. </p> </td></tr> </table> </div> </div> <a name="link_corecmd_stub_bin"></a> <div id="interface"> <div id="codeblock"> <b>corecmd_stub_bin</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> corecmd stub bin_t interface. No access allowed. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access </p> </td></tr> </table> </div> </div> <a href=#top>Return</a> </div> </body> </html>
