Layer: roles

Module: unprivuser

Description:

Generic unprivileged user role


Interfaces:

unprivuser_append_home_content_files( domain )
Summary

Append to all unprivileged users' home directory files.

Parameters
Parameter:Description:Optional:
domain

Domain allowed access.

No
unprivuser_dontaudit_append_home_content_files( domain )
Summary

Do not audit attempts to append to all unprivileged users' home directory files.

Parameters
Parameter:Description:Optional:
domain

Domain allowed access.

No
unprivuser_dontaudit_home_content_files( domain )
Summary

Do not audit attempts to relabel unprivileged user home files.

Parameters
Parameter:Description:Optional:
domain

Domain allowed access.

No
unprivuser_dontaudit_list_home_dirs( domain )
Summary

Do not audit attempts to list the user home subdirectory.

Parameters
Parameter:Description:Optional:
domain

Domain allowed access.

No
unprivuser_dontaudit_read_home_content_files( domain )
Summary

Do not audit attempts to read all unprivileged users' home directory files.

Parameters
Parameter:Description:Optional:
domain

Domain allowed access.

No
unprivuser_dontaudit_relabel_home_content_files( domain )
Summary

Do not audit attempts to relabel generic user home files.

Parameters
Parameter:Description:Optional:
domain

Domain allowed access.

No
unprivuser_dontaudit_search_home_dirs( domain )
Summary

Do not audit attempts to search the user home subdirectory.

Parameters
Parameter:Description:Optional:
domain

Domain allowed access.

No
unprivuser_home_dir_filetrans( domain )
Summary

Create generic user home directories with automatic file type transition.

Parameters
Parameter:Description:Optional:
domain

Domain allowed access.

No
unprivuser_home_dir_filetrans_home_content( domain , object_class )
Summary

Create objects in generic user home directories with automatic file type transition.

Parameters
Parameter:Description:Optional:
domain

Domain allowed access.

No
object_class

The class of the object to be created. If not specified, file is used.

No
unprivuser_home_filetrans_home_dir( domain )
Summary

Create generic user home directories with automatic file type transition.

Parameters
Parameter:Description:Optional:
domain

Domain allowed access.

No
unprivuser_manage_home_content_dirs( domain )
Summary

Create, read, write, and delete directories in unprivileged users' home directories.

Parameters
Parameter:Description:Optional:
domain

Domain allowed access.

No
unprivuser_manage_home_content_files( domain )
Summary

Create, read, write, and delete files in generic user home directories.

Parameters
Parameter:Description:Optional:
domain

Domain allowed access.

No
unprivuser_manage_home_content_pipes( domain )
Summary

Create, read, write, and delete named pipes in generic user home directories.

Parameters
Parameter:Description:Optional:
domain

Domain allowed access.

No
unprivuser_manage_home_content_sockets( domain )
Summary

Create, read, write, and delete named sockets in generic user home directories.

Parameters
Parameter:Description:Optional:
domain

Domain allowed access.

No
unprivuser_manage_home_content_symlinks( domain )
Summary

Create, read, write, and delete symbolic links in generic user home directories.

Parameters
Parameter:Description:Optional:
domain

Domain allowed access.

No
unprivuser_manage_home_dirs( domain )
Summary

Create, read, write, and delete generic user home directories.

Parameters
Parameter:Description:Optional:
domain

Domain allowed access.

No
unprivuser_manage_tmp_files( domain )
Summary

Write all unprivileged users' files in /tmp.

Parameters
Parameter:Description:Optional:
domain

Domain allowed access.

No
unprivuser_manage_tmp_symlinks( domain )
Summary

Write all unprivileged users' lnk_files in /tmp.

Parameters
Parameter:Description:Optional:
domain

Domain allowed access.

No
unprivuser_mmap_home_content_files( domain )
Summary

Mmap unprivileged user home files.

Parameters
Parameter:Description:Optional:
domain

Domain allowed access.

No
unprivuser_read_home_content_files( domain )
Summary

Read files in generic user home directories.

Parameters
Parameter:Description:Optional:
domain

Domain allowed access.

No
unprivuser_read_home_content_symlinks( domain )
Summary

Read link files in generic user home directories.

Parameters
Parameter:Description:Optional:
domain

Domain allowed access.

No
unprivuser_read_tmp_files( domain )
Summary

Read all unprivileged users' files in /tmp.

Parameters
Parameter:Description:Optional:
domain

Domain allowed access.

No
unprivuser_relabelto_home_dirs( domain )
Summary

Relabel to generic user home directories.

Parameters
Parameter:Description:Optional:
domain

Domain allowed access.

No
unprivuser_rw_semaphores( domain )
Summary

Read and write unprivileged user SysV semaphores.

Parameters
Parameter:Description:Optional:
domain

Domain allowed access.

No
unprivuser_search_home_dirs( domain )
Summary

Search generic user home directories.

Parameters
Parameter:Description:Optional:
domain

Domain allowed access.

No
unprivuser_stream_connect( domain )
Summary

Connect to unprivileged users over a Unix stream socket.

Parameters
Parameter:Description:Optional:
domain

Domain allowed access.

No
unprivuser_unlink_tmp_files( domain )
Summary

Unlink all unprivileged users' files in /tmp.

Parameters
Parameter:Description:Optional:
domain

Domain allowed access.

No
unprivuser_write_tmp_files( domain )
Summary

Write all unprivileged users' files in /tmp.

Parameters
Parameter:Description:Optional:
domain

Domain allowed access.

No

Templates:

unprivuser_delete_tmpfs_files( domain )
Summary

Unlink user tmpfs files.

Description

Read/write user tmpfs files.

This is a templated interface, and should only be called from a per-userdomain template.

Parameters
Parameter:Description:Optional:
domain

Domain allowed access.

No
unprivuser_dontaudit_manage_tmp_dirs( domain )
Summary

Do not audit attempts to manage users' temporary directories.

Description

Do not audit attempts to manage users' temporary directories.

This is a templated interface, and should only be called from a per-userdomain template.

Parameters
Parameter:Description:Optional:
domain

Domain to not audit.

No
unprivuser_dontaudit_write_home_content_files( domain )
Summary

Do not audit attempts to write user home files.

Description

Do not audit attempts to write user home files.

This is a templated interface, and should only be called from a per-userdomain template.

Parameters
Parameter:Description:Optional:
domain

Domain to not audit.

No
unprivuser_manage_tmp_dirs( domain )
Summary

Create, read, write, and delete user temporary directories.

Description

Create, read, write, and delete user temporary directories.

This is a templated interface, and should only be called from a per-userdomain template.

Parameters
Parameter:Description:Optional:
domain

Domain allowed access.

No
unprivuser_manage_tmp_pipes( userdomain_prefix , domain )
Summary

Create, read, write, and delete user temporary named pipes.

Description

Create, read, write, and delete user temporary named pipes.

This is a templated interface, and should only be called from a per-userdomain template.

Parameters
Parameter:Description:Optional:
userdomain_prefix

The prefix of the user domain (e.g., user is the prefix for user_t).

No
domain

Domain allowed access.

No
unprivuser_manage_tmp_sockets( domain )
Summary

Create, read, write, and delete user temporary named sockets.

Description

Create, read, write, and delete user temporary named sockets.

This is a templated interface, and should only be called from a per-userdomain template.

Parameters
Parameter:Description:Optional:
domain

Domain allowed access.

No
unprivuser_manage_untrusted_content_files( userdomain_prefix , domain )
Summary

Manage user untrusted files.

Description

Create, read, write, and delete untrusted files.

This is a templated interface, and should only be called from a per-userdomain template.

Parameters
Parameter:Description:Optional:
userdomain_prefix

The prefix of the user domain (e.g., user is the prefix for user_t).

No
domain

Domain allowed access.

No
unprivuser_manage_untrusted_content_tmp_files( userdomain_prefix , domain )
Summary

Manage user untrusted tmp files.

Description

Create, read, write, and delete untrusted tmp files.

This is a templated interface, and should only be called from a per-userdomain template.

Parameters
Parameter:Description:Optional:
userdomain_prefix

The prefix of the user domain (e.g., user is the prefix for user_t).

No
domain

Domain allowed access.

No
unprivuser_read_tmpfs_files( domain )
Summary

Read user tmpfs files.

Description

Read user temporary file system files.

Parameters
Parameter:Description:Optional:
domain

Domain allowed access.

No
unprivuser_role_change_template( prefix )
Summary

Change to the generic user role.

Parameters
Parameter:Description:Optional:
prefix

The prefix of the user role (e.g., user is the prefix for user_r).

No
unprivuser_role_change_to_template( prefix )
Summary

Change from the generic user role.

Description

Change from the generic user role to the specified role.

This is a template to support third party modules and its use is not allowed in upstream reference policy.

Parameters
Parameter:Description:Optional:
prefix

The prefix of the user role (e.g., user is the prefix for user_r).

No