General system administration role
false
Allow sysadm to debug or ptrace all processes.
Execute a generic bin program in the sysadm domain.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Allow sysadm to execute a generic bin program in a specified domain. This is an explicit transition, requiring the caller to use setexeccon().
Allow sysadm to execute a generic bin program in a specified domain.
This is an interface to support third party modules and its use is not allowed in upstream reference policy.
Parameter: | Description: |
---|---|
domain | Domain to execute in. |
Do not audit attempts to get the attributes of the sysadm user's home directory.
Parameter: | Description: |
---|---|
domain | Domain to not audit. |
Do not audit attempts to get the attributes of sysadm ttys.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Do not audit attempts to list the sysadm user's home directory.
Parameter: | Description: |
---|---|
domain | Domain to not audit. |
Do not audit attempts to read files in the sysadm home directory.
Parameter: | Description: |
---|---|
domain | Domain to not audit. |
Do not audit attempts to read sym links in the sysadm home directory.
Parameter: | Description: |
---|---|
domain | Domain to not audit. |
Do not audit attempts to search the sysadm user's home directory.
Parameter: | Description: |
---|---|
domain | Domain to not audit. |
Do not audit attempts to read and write sysadm ptys.
Parameter: | Description: |
---|---|
domain | Domain to not audit. |
Do not audit attempts to use sysadm ttys and ptys.
Parameter: | Description: |
---|---|
domain | Domain to not audit. |
Do not audit attempts to use sysadm ttys.
Parameter: | Description: |
---|---|
domain | Domain to not audit. |
Do not audit attempts to write to the sysadm user's home directory.
Parameter: | Description: |
---|---|
domain | Domain to not audit. |
Execute all entrypoint files in the sysadm domain. This is an explicit transition, requiring the caller to use setexeccon().
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Get the attributes of the sysadm user's home directory.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Create objects in sysadm home directories with automatic file type transition.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
private type | The type of the object to be created. |
object_class | The class of the object to be created. If not specified, file is used. |
List the sysadm user's home directory.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Read files in the sysadm home directory.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Read sysadm temporary files.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Read and write sysadm user unnamed pipes.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Search the sysadm user's home subdirectories.
Parameter: | Description: |
---|---|
domain | Domain to not audit. |
Search the sysadm user's home directory.
Parameter: | Description: |
---|---|
domain | Domain to not audit. |
Execute a shell in the sysadm domain.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Send a SIGCHLD signal to sysadm users.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Inherit and use sysadm file descriptors.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Read and write sysadm ptys.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Read and write sysadm ttys and ptys.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Read and write sysadm ttys.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Change to the generic user role.
Parameter: | Description: |
---|---|
prefix | The prefix of the user role (e.g., user is the prefix for user_r). |
Change from the generic user role.
Change from the generic user role to the specified role.
This is a template to support third party modules and its use is not allowed in upstream reference policy.
Parameter: | Description: |
---|---|
prefix | The prefix of the user role (e.g., user is the prefix for user_r). |