Layer: system

Module: unconfined


Description:

The unconfined domain.


Tunables:

allow_unconfined_mmap_low
Default value

false

Description

Allow the unconfined domain to map low memory in the kernel.

allow_unconfined_nsplugin_transition
Default value

false

Description

Transition to confined nsplugin domains from the unconfined user.

allow_unconfined_qemu_transition
Default value

false

Description

Transition to confined qemu domains from the unconfined user.


Interfaces:

unconfined_alias_domain( domain )
Summary

Add an alias type to the unconfined domain. (Deprecated)

Description

Add an alias type to the unconfined domain. (Deprecated)

This is added to support targeted policy. Its use should be limited. It has no effect on the strict policy.

Parameters
Parameter:Description:
domain

New alias of the unconfined domain.

unconfined_create_keys( domain )
Summary

Create keys for the unconfined domain.

Parameters
Parameter:Description:
domain

Domain allowed access.

unconfined_dbus_chat( domain )
Summary

Send and receive messages from unconfined_t over dbus.

Parameters
Parameter:Description:
domain

Domain allowed access.

unconfined_dbus_connect( domain )
Summary

Connect to the unconfined DBUS for service (acquire_svc).

Parameters
Parameter:Description:
domain

Domain allowed access.

unconfined_dbus_send( domain )
Summary

Send messages to the unconfined domain over dbus.

Parameters
Parameter:Description:
domain

Domain allowed access.

unconfined_delete_tmpfs_files( domain )
Summary

Delete unconfined tmpfs files.

Description

Read/write unconfined tmpfs files.

Parameters
Parameter:Description:
domain

Domain allowed access.

unconfined_domain( domain )
Summary

Make the specified domain unconfined and audit executable memory and executable heap usage.

Parameters
Parameter:Description:
domain

Domain to make unconfined.

unconfined_domain_noaudit( domain )
Summary

Make the specified domain unconfined.

Parameters
Parameter:Description:
domain

Domain to make unconfined.

unconfined_domtrans( domain )
Summary

Transition to the unconfined domain.

Parameters
Parameter:Description:
domain

Domain allowed access.

unconfined_domtrans_to( domain , entry_file )
Summary

Allow unconfined to execute the specified program in the specified domain.

Description

Allow unconfined to execute the specified program in the specified domain.

This is an interface to support third-party modules; its use is not allowed in the upstream reference policy.

Parameters
Parameter:Description:
domain

Domain to execute in.

entry_file

Domain entry point file.

unconfined_dontaudit_read_pipes( domain )
Summary

Do not audit attempts to read unconfined domain unnamed pipes.

Parameters
Parameter:Description:
domain

Domain allowed access.

unconfined_dontaudit_rw_pipes( domain )
Summary

Do not audit attempts to read and write unconfined domain unnamed pipes.

Parameters
Parameter:Description:
domain

Domain to not audit.

unconfined_dontaudit_rw_tcp_sockets( domain )
Summary

Do not audit attempts to read or write unconfined domain tcp sockets.

Description

Do not audit attempts to read or write unconfined domain tcp sockets.

This interface was added due to a broken symptom in ldconfig.

Parameters
Parameter:Description:
domain

Domain to not audit.

unconfined_dontaudit_use_terms( domain )
Summary

Do not audit attempts to use unconfined ttys and ptys.

Parameters
Parameter:Description:
domain

Domain to not audit.

unconfined_execmem_alias_program( domain )
Summary

Add an alias type to the unconfined execmem program file type. (Deprecated)

Description

Add an alias type to the unconfined execmem program file type. (Deprecated)

This is added to support targeted policy. Its use should be limited. It has no effect on the strict policy.

Parameters
Parameter:Description:
domain

New alias of the unconfined execmem program type.

unconfined_execmem_domtrans( domain )
Summary

Transition to the unconfined_execmem domain.

Parameters
Parameter:Description:
domain

Domain allowed access.

unconfined_execmem_exec( domain )
Summary

Execute the execmem applications.

Parameters
Parameter:Description:
domain

Domain allowed access.

unconfined_execmem_rw_shm( domain )
Summary

Read and write to unconfined execmem shared memory.

Parameters
Parameter:Description:
domain

The type of the process performing this action.

unconfined_execmem_signull( domain )
Summary

Send a SIGNULL signal to the unconfined execmem domain.

Parameters
Parameter:Description:
domain

Domain allowed access.

unconfined_getpgid( domain )
Summary

Get the process group of unconfined.

Parameters
Parameter:Description:
domain

Domain allowed access.

unconfined_ptrace( domain )
Summary

Allow ptrace of the unconfined domain.

Parameters
Parameter:Description:
domain

Domain allowed access.

unconfined_read_home_content_files( domain )
Summary

Read files in unconfined users home directories.

Parameters
Parameter:Description:
domain

Domain allowed access.

unconfined_read_pipes( domain )
Summary

Read unconfined domain unnamed pipes.

Parameters
Parameter:Description:
domain

Domain allowed access.

unconfined_read_tmp_files( domain )
Summary

Read unconfined users temporary files.

Parameters
Parameter:Description:
domain

Domain allowed access.

unconfined_run( domain , role , terminal )
Summary

Execute specified programs in the unconfined domain.

Parameters
Parameter:Description:
domain

The type of the process performing this action.

role

The role to allow the unconfined domain.

terminal

The type of the terminal to allow the unconfined domain to use.

unconfined_run_to( domain , entry_file )
Summary

Allow unconfined to execute the specified program in the specified domain. Allow the specified domain the unconfined role and use of unconfined user terminals.

Description

Allow unconfined to execute the specified program in the specified domain. Allow the specified domain the unconfined role and use of unconfined user terminals.

This is an interface to support third-party modules; its use is not allowed in the upstream reference policy.

Parameters
Parameter:Description:
domain

Domain to execute in.

entry_file

Domain entry point file.

unconfined_rw_pipes( domain )
Summary

Read and write unconfined domain unnamed pipes.

Parameters
Parameter:Description:
domain

Domain allowed access.

unconfined_rw_shm( domain )
Summary

Read and write to unconfined shared memory.

Parameters
Parameter:Description:
domain

The type of the process performing this action.

unconfined_rw_tmpfs_files( domain )
Summary

Read/write unconfined tmpfs files.

Description

Read/write unconfined tmpfs files.

Parameters
Parameter:Description:
domain

Domain allowed access.

unconfined_set_rlimitnh( domain )
Summary

Allow apps to set rlimits on userdomain.

Parameters
Parameter:Description:
domain

Domain allowed access.

unconfined_shell_domtrans( domain )
Summary

Transition to the unconfined domain by executing a shell.

Parameters
Parameter:Description:
domain

Domain allowed access.

unconfined_sigchld( domain )
Summary

Send a SIGCHLD signal to the unconfined domain.

Parameters
Parameter:Description:
domain

Domain allowed access.

unconfined_signal( domain )
Summary

Send generic signals to the unconfined domain.

Parameters
Parameter:Description:
domain

Domain allowed access.

unconfined_signull( domain )
Summary

Send a SIGNULL signal to the unconfined domain.

Parameters
Parameter:Description:
domain

Domain allowed access.

unconfined_stream_connect( domain )
Summary

Connect to the unconfined domain using a unix domain stream socket.

Parameters
Parameter:Description:
domain

Domain allowed access.

unconfined_use_fds( domain )
Summary

Inherit file descriptors from the unconfined domain.

Parameters
Parameter:Description:
domain

Domain allowed access.

unconfined_use_terms( domain )
Summary

Allow attempts to use unconfined ttys and ptys.

Parameters
Parameter:Description:
domain

Domain allowed access.

unconfined_write_tmp_files( domain )
Summary

Write unconfined users temporary files.

Parameters
Parameter:Description:
domain

Domain allowed access.


Templates:

unconfined_role_change_template( prefix )
Summary

Change to the unconfined role.

Parameters
Parameter:Description:
prefix

The prefix of the user role (e.g., user is the prefix for user_r).

unconfined_role_change_to_template( prefix )
Summary

Change from the unconfined role.

Description

Change from the unconfined role to the specified role.

This is a template to support third-party modules; its use is not allowed in the upstream reference policy.

Parameters
Parameter:Description:
prefix

The prefix of the user role (e.g., user is the prefix for user_r).
