<html> <head> <title> Security Enhanced Linux Reference Policy </title> <style type="text/css" media="all">@import "style.css";</style> </head> <body> <div id="Header">Security Enhanced Linux Reference Policy</div> <div id='Menu'> <a href="admin.html">+ admin</a></br/> <div id='subitem'> </div> <a href="apps.html">+ apps</a></br/> <div id='subitem'> </div> <a href="contrib.html">+ contrib</a></br/> <div id='subitem'> </div> <a href="kernel.html">+ kernel</a></br/> <div id='subitem'> </div> <a href="roles.html">+ roles</a></br/> <div id='subitem'> </div> <a href="services.html">+ services</a></br/> <div id='subitem'> </div> <a href="system.html">+ system</a></br/> <div id='subitem'> - <a href='system_application.html'> application</a><br/> - <a href='system_authlogin.html'> authlogin</a><br/> - <a href='system_clock.html'> clock</a><br/> - <a href='system_fstools.html'> fstools</a><br/> - <a href='system_getty.html'> getty</a><br/> - <a href='system_hostname.html'> hostname</a><br/> - <a href='system_hotplug.html'> hotplug</a><br/> - <a href='system_init.html'> init</a><br/> - <a href='system_ipsec.html'> ipsec</a><br/> - <a href='system_iptables.html'> iptables</a><br/> - <a href='system_kdbus.html'> kdbus</a><br/> - <a href='system_libraries.html'> libraries</a><br/> - <a href='system_locallogin.html'> locallogin</a><br/> - <a href='system_logging.html'> logging</a><br/> - <a href='system_lvm.html'> lvm</a><br/> - <a href='system_miscfiles.html'> miscfiles</a><br/> - <a href='system_modutils.html'> modutils</a><br/> - <a href='system_mount.html'> mount</a><br/> - <a href='system_netlabel.html'> netlabel</a><br/> - <a href='system_selinuxutil.html'> selinuxutil</a><br/> - <a href='system_setrans.html'> setrans</a><br/> - <a href='system_sysnetwork.html'> sysnetwork</a><br/> - <a href='system_systemd.html'> systemd</a><br/> - <a href='system_udev.html'> udev</a><br/> - <a href='system_unconfined.html'> unconfined</a><br/> - <a href='system_userdomain.html'> userdomain</a><br/> </div> <br/><p/> <a href="global_booleans.html">* Global Booleans </a> <br/><p/> <a href="global_tunables.html">* Global Tunables </a> <p/><br/><p/> <a href="index.html">* Layer Index</a> <br/><p/> <a href="booleans.html">* Boolean Index</a> <br/><p/> <a href="tunables.html">* Tunable Index</a> <br/><p/> <a href="interfaces.html">* Interface Index</a> <br/><p/> <a href="templates.html">* Template Index</a> </div> <div id="Content"> <a name="top":></a> <h1>Layer: system</h1><p/> <h2>Module: unconfined</h2><p/> <a href=#interfaces>Interfaces</a> <h3>Description:</h3> <p><p>The unconfined domain.</p></p> <hr> <a name="interfaces"></a> <h3>Interfaces: </h3> <a name="link_unconfined_alias_domain"></a> <div id="interface"> <div id="codeblock"> <b>unconfined_alias_domain</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Add an alias type to the unconfined domain. (Deprecated) </p> <h5>Description</h5> <p> </p><p> Add an alias type to the unconfined domain. (Deprecated) </p><p> </p><p> This is added to support targeted policy. Its use should be limited. It has no effect on the strict policy. </p><p> </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> New alias of the unconfined domain. </p> </td></tr> </table> </div> </div> <a name="link_unconfined_domain"></a> <div id="interface"> <div id="codeblock"> <b>unconfined_domain</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Make the specified domain unconfined and audit executable heap usage. </p> <h5>Description</h5> <p> </p><p> Make the specified domain unconfined and audit executable heap usage. With exception of memory protections, usage of this interface will result in the level of access the domain has is like SELinux was not being used. </p><p> </p><p> Only completely trusted domains should use this interface. </p><p> </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain to make unconfined. </p> </td></tr> </table> </div> </div> <a name="link_unconfined_domain_noaudit"></a> <div id="interface"> <div id="codeblock"> <b>unconfined_domain_noaudit</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Make the specified domain unconfined. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain to make unconfined. </p> </td></tr> </table> </div> </div> <a name="link_unconfined_execmem_alias_program"></a> <div id="interface"> <div id="codeblock"> <b>unconfined_execmem_alias_program</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Add an alias type to the unconfined execmem program file type. (Deprecated) </p> <h5>Description</h5> <p> </p><p> Add an alias type to the unconfined execmem program file type. (Deprecated) </p><p> </p><p> This is added to support targeted policy. Its use should be limited. It has no effect on the strict policy. </p><p> </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> New alias of the unconfined execmem program type. </p> </td></tr> </table> </div> </div> <a name="link_unconfined_server_dbus_chat"></a> <div id="interface"> <div id="codeblock"> <b>unconfined_server_dbus_chat</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Allow caller domain to dbus chat unconfined_server. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_unconfined_server_domtrans"></a> <div id="interface"> <div id="codeblock"> <b>unconfined_server_domtrans</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Connect to unconfined_server with a unix socket. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_unconfined_server_signull"></a> <div id="interface"> <div id="codeblock"> <b>unconfined_server_signull</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Send signull to unconfined_service_t. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_unconfined_server_stream_connect"></a> <div id="interface"> <div id="codeblock"> <b>unconfined_server_stream_connect</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Connect to unconfined_server with a unix socket. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a href=#top>Return</a> </div> </body> </html>