Policy for filesystems.
This module is required to be included in all policies.
Associate the specified file type to persistent filesystems with extended attributes. This allows a file of this type to be created on a filesystem such as ext3, JFS, and XFS.
Parameter: | Description: | Optional: |
---|---|---|
file_type |
The type of the to be associated. | No |
Associate the specified file type to filesystems which lack extended attributes support. This allows a file of this type to be created on a filesystem such as FAT32, and NFS.
Parameter: | Description: | Optional: |
---|---|---|
file_type |
The type of the to be associated. | No |
Allow the type to associate to tmpfs filesystems.
Parameter: | Description: | Optional: |
---|---|---|
type |
The type of the object to be associated. | No |
Execute a file on a CIFS or SMB filesystem in the specified domain.
Execute a file on a CIFS or SMB filesystem in the specified domain. This allows the specified domain to execute any file on these filesystems in the specified domain. This is not suggested.
No interprocess communication (signals, pipes, etc.) is provided by this interface since the domains are not owned by this module.
This interface was added to handle home directories on CIFS/SMB filesystems, in particular used by the ssh-agent policy.
Parameter: | Description: | Optional: |
---|---|---|
domain |
Domain allowed access. | No |
target_domain |
The type of the new process. | No |
Make general progams in cifs an entrypoint for the specified domain.
Parameter: | Description: | Optional: |
---|---|---|
domain |
The domain for which cifs_t is an entrypoint. | No |
Do not audit attempts to get the attributes of all files with a filesystem type.
Parameter: | Description: | Optional: |
---|---|---|
domain |
Domain allowed access. | No |
Do not audit attempts to get the attributes all filesystems.
Parameter: | Description: | Optional: |
---|---|---|
domain |
Domain to not audit. | No |
Do not audit attempts to get the attributes of all named pipes with a filesystem type.
Parameter: | Description: | Optional: |
---|---|---|
domain |
Domain allowed access. | No |
Do not audit attempts to get the attributes of all named sockets with a filesystem type.
Parameter: | Description: | Optional: |
---|---|---|
domain |
Domain allowed access. | No |
Do not audit attempts to get the attributes of all symbolic links with a filesystem type.
Parameter: | Description: | Optional: |
---|---|---|
domain |
Domain allowed access. | No |
Do not audit attempts to get the attributes of tmpfs directories.
Parameter: | Description: | Optional: |
---|---|---|
domain |
Domain allowed access. | No |
Do not audit attempts to getattr generic tmpfs files.
Parameter: | Description: | Optional: |
---|---|---|
domain |
Domain to not audit. | No |
Do not audit attempts to get the attributes of a persistent filesystem which has extended attributes, such as ext3, JFS, or XFS.
Parameter: | Description: | Optional: |
---|---|---|
domain |
Domain to not audit. | No |
Do not audit attempts to list directories of automatically mounted filesystems.
Parameter: | Description: | Optional: |
---|---|---|
domain |
Domain to not audit. | No |
Do not audit attempts to list the contents of directories on a CIFS or SMB filesystem.
Parameter: | Description: | Optional: |
---|---|---|
domain |
Domain to not audit. | No |
Do not audit attempts to list the contents of directories on a NFS filesystem.
Parameter: | Description: | Optional: |
---|---|---|
domain |
Domain to not audit. | No |
Do not audit attempts to list removable storage directories.
Parameter: | Description: | Optional: |
---|---|---|
domain |
Domain not to audit. | No |
Do not audit attempts to list the contents of generic tmpfs directories.
Parameter: | Description: | Optional: |
---|---|---|
domain |
Domain to not audit. | No |
Do not audit attempts to create, read, write, and delete directories on a CIFS or SMB network filesystem.
Parameter: | Description: | Optional: |
---|---|---|
domain |
Domain allowed access. | No |
Do not audit attempts to create, read, write, and delete files on a CIFS or SMB network filesystem.
Parameter: | Description: | Optional: |
---|---|---|
domain |
Domain to not audit. | No |
Do not audit attempts to create, read, write, and delete directories on a NFS filesystem.
Parameter: | Description: | Optional: |
---|---|---|
domain |
Domain to not audit. | No |
Do not audit attempts to create, read, write, and delete files on a NFS filesystem.
Parameter: | Description: | Optional: |
---|---|---|
domain |
Domain to not audit. | No |
Do not audit attempts to read files on a CIFS or SMB filesystem.
Parameter: | Description: | Optional: |
---|---|---|
domain |
Domain to not audit. | No |
Do not audit attempts to read files on a NFS filesystem.
Parameter: | Description: | Optional: |
---|---|---|
domain |
Domain to not audit. | No |
Dontaudit read on a ramfs files.
Parameter: | Description: | Optional: |
---|---|---|
domain |
Domain allowed access. | No |
Dontaudit read on a ramfs fifo_files.
Parameter: | Description: | Optional: |
---|---|---|
domain |
Domain allowed access. | No |
Do not audit attempts to read removable storage files.
Parameter: | Description: | Optional: |
---|---|---|
domain |
Domain not to audit. | No |
Do not audit attempts to read or write files on a CIFS or SMB filesystem.
Parameter: | Description: | Optional: |
---|---|---|
domain |
Domain to not audit. | No |
Do not audit attempts to read or write files on a NFS filesystem.
Parameter: | Description: | Optional: |
---|---|---|
domain |
Domain to not audit. | No |
Do not audit attempts to read or write generic tmpfs files.
Parameter: | Description: | Optional: |
---|---|---|
domain |
Domain to not audit. | No |
Dontaudit Search directories on a ramfs
Parameter: | Description: | Optional: |
---|---|---|
domain |
Domain allowed access. | No |
dontaudit Read and write character nodes on tmpfs filesystems.
Parameter: | Description: | Optional: |
---|---|---|
domain |
Domain allowed access. | No |
Dont audit attempts to write to all noxattrfs files.
Parameter: | Description: | Optional: |
---|---|---|
domain |
Domain allowed access. | No |
Do not audit attempts to write to named pipes on a ramfs filesystem.
Parameter: | Description: | Optional: |
---|---|---|
domain |
Domain allowed access. | No |
Execute files on a CIFS or SMB network filesystem, in the caller domain.
Parameter: | Description: | Optional: |
---|---|---|
domain |
Domain allowed access. | No |
Execute files on a NFS filesystem.
Parameter: | Description: | Optional: |
---|---|---|
domain |
Domain allowed access. | No |
Execute files on a filesystem that does not support extended attributes.
Parameter: | Description: | Optional: |
---|---|---|
domain |
Domain allowed access. | No |
Get the quotas of all filesystems.
Parameter: | Description: | Optional: |
---|---|---|
domain |
The type of the domain getting quotas. | No |
Get the filesystem quotas of a filesystem with extended attributes.
Parameter: | Description: | Optional: |
---|---|---|
domain |
Domain allowed access. | No |
Get the attributes of all directories with a filesystem type.
Parameter: | Description: | Optional: |
---|---|---|
domain |
Domain allowed access. | No |
Get the attributes of all files with a filesystem type.
Parameter: | Description: | Optional: |
---|---|---|
domain |
Domain allowed access. | No |
Get the attributes of all persistent filesystems.
Parameter: | Description: | Optional: |
---|---|---|
domain |
Domain allowed access. | No |
Get the attributes of all named pipes with a filesystem type.
Parameter: | Description: | Optional: |
---|---|---|
domain |
Domain allowed access. | No |
Get the attributes of all named sockets with a filesystem type.
Parameter: | Description: | Optional: |
---|---|---|
domain |
Domain allowed access. | No |
Get the attributes of all symbolic links with a filesystem type.
Parameter: | Description: | Optional: |
---|---|---|
domain |
Domain allowed access. | No |
Get the attributes of an automount pseudo filesystem.
Parameter: | Description: | Optional: |
---|---|---|
domain |
Domain allowed access. | No |
Get the attributes of directories on binfmt_misc filesystems.
Parameter: | Description: | Optional: |
---|---|---|
domain |
Domain allowed access. | No |
Get the attributes of a CIFS or SMB network filesystem.
Parameter: | Description: | Optional: |
---|---|---|
domain |
Domain allowed access. | No |
Get the attributes of a DOS filesystem, such as FAT32 or NTFS.
Parameter: | Description: | Optional: |
---|---|---|
domain |
Domain allowed access. | No |
Get the attributes of an iso9660 filesystem, which is usually used on CDs.
Parameter: | Description: | Optional: |
---|---|---|
domain |
Domain allowed access. | No |
Get the attributes of a NFS filesystem.
Parameter: | Description: | Optional: |
---|---|---|
domain |
Domain allowed access. | No |
Get the attributes of a NFS server pseudo filesystem.
Parameter: | Description: | Optional: |
---|---|---|
domain |
Domain allowed access. | No |
Get the attributes of filesystems that do not have extended attribute support.
Parameter: | Description: | Optional: |
---|---|---|
domain |
Domain allowed access. | No |
Get the attributes of a RAM filesystem.
Parameter: | Description: | Optional: |
---|---|---|
domain |
Domain allowed access. | No |
Get the attributes of a ROM filesystem.
Parameter: | Description: | Optional: |
---|---|---|
domain |
Domain allowed access. | No |
Read directories of RPC file system pipes.
Parameter: | Description: | Optional: |
---|---|---|
domain |
Domain allowed access. | No |
Get the attributes of a RPC pipe filesystem.
Parameter: | Description: | Optional: |
---|---|---|
domain |
Domain allowed access. | No |
Get the attributes of a tmpfs filesystem.
Parameter: | Description: | Optional: |
---|---|---|
domain |
Domain allowed access. | No |
Get the attributes of tmpfs directories.
Parameter: | Description: | Optional: |
---|---|---|
domain |
Domain allowed access. | No |
Get the attributes of a persistent filesystem which has extended attributes, such as ext3, JFS, or XFS.
Parameter: | Description: | Optional: |
---|---|---|
domain |
Domain allowed access. | No |
List all directories with a filesystem type.
Parameter: | Description: | Optional: |
---|---|---|
domain |
Domain allowed access. | No |
Read directories of automatically mounted filesystems.
Parameter: | Description: | Optional: |
---|---|---|
domain |
Domain allowed access. | No |
List the contents of directories on a CIFS or SMB filesystem.
Parameter: | Description: | Optional: |
---|---|---|
domain |
Domain allowed access. | No |
List inotifyfs filesystem.
Parameter: | Description: | Optional: |
---|---|---|
domain |
Domain allowed access. | No |
List NFS filesystem.
Parameter: | Description: | Optional: |
---|---|---|
domain |
Domain allowed access. | No |
Read all noxattrfs directories.
Parameter: | Description: | Optional: |
---|---|---|
domain |
Domain allowed access. | No |
Read directories of RPC file system pipes.
Parameter: | Description: | Optional: |
---|---|---|
domain |
Domain allowed access. | No |
List the contents of generic tmpfs directories.
Parameter: | Description: | Optional: |
---|---|---|
domain |
Domain allowed access. | No |
Create, read, write, and delete auto moutpoints.
Parameter: | Description: | Optional: |
---|---|---|
domain |
Domain allowed access. | No |
Create, read, write, and delete symbolic links on an autofs filesystem.
Parameter: | Description: | Optional: |
---|---|---|
domain |
Domain allowed access. | No |
Create, read, write, and delete directories on a CIFS or SMB network filesystem.
Parameter: | Description: | Optional: |
---|---|---|
domain |
Domain allowed access. | No |
Create, read, write, and delete files on a CIFS or SMB network filesystem.
Parameter: | Description: | Optional: |
---|---|---|
domain |
Domain allowed access. | No |
Create, read, write, and delete named pipes on a CIFS or SMB network filesystem.
Parameter: | Description: | Optional: |
---|---|---|
domain |
Domain allowed access. | No |
Create, read, write, and delete named sockets on a CIFS or SMB network filesystem.
Parameter: | Description: | Optional: |
---|---|---|
domain |
Domain allowed access. | No |
Create, read, write, and delete symbolic links on a CIFS or SMB network filesystem.
Parameter: | Description: | Optional: |
---|---|---|
domain |
Domain allowed access. | No |
Create, read, write, and delete dirs on a configfs filesystem.
Parameter: | Description: | Optional: |
---|---|---|
domain |
Domain allowed access. | No |
Create, read, write, and delete files on a configfs filesystem.
Parameter: | Description: | Optional: |
---|---|---|
domain |
Domain allowed access. | No |
Create, read, write, and delete dirs on a DOS filesystem.
Parameter: | Description: | Optional: |
---|---|---|
domain |
Domain allowed access. | No |
Create, read, write, and delete files on a DOS filesystem.
Parameter: | Description: | Optional: |
---|---|---|
domain |
Domain allowed access. | No |
Create, read, write, and delete directories on a FUSEFS filesystem.
Parameter: | Description: | Optional: |
---|---|---|
domain |
Domain allowed access. | No |
Create, read, write, and delete files on a FUSEFS filesystem.
Parameter: | Description: | Optional: |
---|---|---|
domain |
Domain allowed access. | No |
Create, read, write, and delete directories on a NFS filesystem.
Parameter: | Description: | Optional: |
---|---|---|
domain |
Domain allowed access. | No |
Create, read, write, and delete files on a NFS filesystem.
Parameter: | Description: | Optional: |
---|---|---|
domain |
Domain allowed access. | No |
Create, read, write, and delete named pipes on a NFS filesystem.
Parameter: | Description: | Optional: |
---|---|---|
domain |
Domain allowed access. | No |
Create, read, write, and delete named sockets on a NFS filesystem.
Parameter: | Description: | Optional: |
---|---|---|
domain |
Domain allowed access. | No |
Create, read, write, and delete symbolic links on a CIFS or SMB network filesystem.
Parameter: | Description: | Optional: |
---|---|---|
domain |
Domain allowed access. | No |
Create, read, write, and delete all noxattrfs directories.
Parameter: | Description: | Optional: |
---|---|---|
domain |
Domain allowed access. | No |
Create, read, write, and delete all noxattrfs files.
Parameter: | Description: | Optional: |
---|---|---|
domain |
Domain allowed access. | No |
Create, read, write, and delete directories on a ramfs.
Parameter: | Description: | Optional: |
---|---|---|
domain |
Domain allowed access. | No |
Create, read, write, and delete files on a ramfs filesystem.
Parameter: | Description: | Optional: |
---|---|---|
domain |
Domain allowed access. | No |
Create, read, write, and delete named pipes on a ramfs filesystem.
Parameter: | Description: | Optional: |
---|---|---|
domain |
Domain allowed access. | No |
Create, read, write, and delete named sockets on a ramfs filesystem.
Parameter: | Description: | Optional: |
---|---|---|
domain |
Domain allowed access. | No |
Read and write, create and delete block nodes on tmpfs filesystems.
Parameter: | Description: | Optional: |
---|---|---|
domain |
Domain allowed access. | No |
Read and write, create and delete character nodes on tmpfs filesystems.
Parameter: | Description: | Optional: |
---|---|---|
domain |
Domain allowed access. | No |
Create, read, write, and delete tmpfs directories
Parameter: | Description: | Optional: |
---|---|---|
domain |
Domain allowed access. | No |
Read and write, create and delete generic files on tmpfs filesystems.
Parameter: | Description: | Optional: |
---|---|---|
domain |
Domain allowed access. | No |
Read and write, create and delete socket files on tmpfs filesystems.
Parameter: | Description: | Optional: |
---|---|---|
domain |
Domain allowed access. | No |
Read and write, create and delete symbolic links on tmpfs filesystems.
Parameter: | Description: | Optional: |
---|---|---|
domain |
Domain allowed access. | No |
Mount all filesystems.
Parameter: | Description: | Optional: |
---|---|---|
domain |
Domain allowed access. | No |
Mount an automount pseudo filesystem.
Parameter: | Description: | Optional: |
---|---|---|
domain |
Domain allowed access. | No |
Mount a CIFS or SMB network filesystem.
Parameter: | Description: | Optional: |
---|---|---|
domain |
Domain allowed access. | No |
Mount a DOS filesystem, such as FAT32 or NTFS.
Parameter: | Description: | Optional: |
---|---|---|
domain |
Domain allowed access. | No |
Mount an fuse filesystem.
Parameter: | Description: | Optional: |
---|---|---|
domain |
Domain allowed access. | No |
Mount an iso9660 filesystem, which is usually used on CDs.
Parameter: | Description: | Optional: |
---|---|---|
domain |
Domain allowed access. | No |
Mount a NFS filesystem.
Parameter: | Description: | Optional: |
---|---|---|
domain |
Domain allowed access. | No |
Mount a NFS server pseudo filesystem.
Parameter: | Description: | Optional: |
---|---|---|
domain |
Domain allowed access. | No |
Mount a RAM filesystem.
Parameter: | Description: | Optional: |
---|---|---|
domain |
Domain allowed access. | No |
Mount a ROM filesystem.
Parameter: | Description: | Optional: |
---|---|---|
domain |
Domain allowed access. | No |
Mount a RPC pipe filesystem.
Parameter: | Description: | Optional: |
---|---|---|
domain |
Domain allowed access. | No |
Mount a tmpfs filesystem.
Parameter: | Description: | Optional: |
---|---|---|
domain |
Domain allowed access. | No |
Mount a persistent filesystem which has extended attributes, such as ext3, JFS, or XFS.
Parameter: | Description: | Optional: |
---|---|---|
domain |
Domain allowed access. | No |
Execute a file on a NFS filesystem in the specified domain.
Execute a file on a NFS filesystem in the specified domain. This allows the specified domain to execute any file on a NFS filesystem in the specified domain. This is not suggested.
No interprocess communication (signals, pipes, etc.) is provided by this interface since the domains are not owned by this module.
This interface was added to handle home directories on NFS filesystems, in particular used by the ssh-agent policy.
Parameter: | Description: | Optional: |
---|---|---|
domain |
Domain allowed access. | No |
target_domain |
The type of the new process. | No |
Make general progams in nfs an entrypoint for the specified domain.
Parameter: | Description: | Optional: |
---|---|---|
domain |
The domain for which nfs_t is an entrypoint. | No |
Transform specified type into a filesystem type which does not have extended attribute support.
Parameter: | Description: | Optional: |
---|---|---|
domain |
Domain allowed access. | No |
Read files of anon_inodefs file system files.
Parameter: | Description: | Optional: |
---|---|---|
domain |
Domain allowed access. | No |
Read files on a CIFS or SMB filesystem.
Parameter: | Description: | Optional: |
---|---|---|
domain |
Domain allowed access. | No |
Read symbolic links on a CIFS or SMB filesystem.
Parameter: | Description: | Optional: |
---|---|---|
domain |
Domain allowed access. | No |
read files on a DOS filesystem.
Parameter: | Description: | Optional: |
---|---|---|
domain |
Domain allowed access. | No |
Read eventpollfs files.
Read eventpollfs files
This interface has been deprecated, and will be removed in the future.
Parameter: | Description: | Optional: |
---|---|---|
domain |
Domain allowed access. | No |
Read, a FUSEFS filesystem.
Parameter: | Description: | Optional: |
---|---|---|
domain |
Domain allowed access. | No |
Read symbolic links on a FUSEFS filesystem.
Parameter: | Description: | Optional: |
---|---|---|
domain |
Domain allowed access. | No |
Read files on an iso9660 filesystem, which is usually used on CDs.
Parameter: | Description: | Optional: |
---|---|---|
domain |
Domain allowed access. | No |
Read files on a NFS filesystem.
Parameter: | Description: | Optional: |
---|---|---|
domain |
Domain allowed access. | No |
Read symbolic links on a NFS filesystem.
Parameter: | Description: | Optional: |
---|---|---|
domain |
Domain allowed access. | No |
Read all noxattrfs files.
Parameter: | Description: | Optional: |
---|---|---|
domain |
Domain allowed access. | No |
Read all noxattrfs symbolic links.
Parameter: | Description: | Optional: |
---|---|---|
domain |
Domain allowed access. | No |
Read removable storage files.
Parameter: | Description: | Optional: |
---|---|---|
domain |
Domain allowed access. | No |
Read removable storage symbolic links.
Parameter: | Description: | Optional: |
---|---|---|
domain |
Domain allowed access. | No |
Read files of RPC file system pipes.
Parameter: | Description: | Optional: |
---|---|---|
domain |
Domain allowed access. | No |
Read sockets of RPC file system pipes.
Parameter: | Description: | Optional: |
---|---|---|
domain |
Domain allowed access. | No |
Read symbolic links of RPC file system pipes.
Parameter: | Description: | Optional: |
---|---|---|
domain |
Domain allowed access. | No |
Read generic tmpfs files.
Parameter: | Description: | Optional: |
---|---|---|
domain |
Domain allowed access. | No |
Read tmpfs link files.
Parameter: | Description: | Optional: |
---|---|---|
domain |
Domain allowed access. | No |
Register an interpreter for new binary file types, using the kernel binfmt_misc support.
Register an interpreter for new binary file types, using the kernel binfmt_misc support.
A common use for this is to register a JVM as an interpreter for Java byte code. Registered binaries can be directly executed on a command line without specifying the interpreter.
Parameter: | Description: | Optional: |
---|---|---|
domain |
Domain allowed access. | No |
Relabel block nodes on tmpfs filesystems.
Parameter: | Description: | Optional: |
---|---|---|
domain |
Domain allowed access. | No |
Relabel character nodes on tmpfs filesystems.
Parameter: | Description: | Optional: |
---|---|---|
domain |
Domain allowed access. | No |
Relabelfrom all filesystems.
Parameter: | Description: | Optional: |
---|---|---|
domain |
Domain allowed access. | No |
Allow changing of the label of a DOS filesystem using the context= mount option.
Parameter: | Description: | Optional: |
---|---|---|
domain |
Domain allowed access. | No |
Relabel all objets from filesystems that do not support extended attributes.
Parameter: | Description: | Optional: |
---|---|---|
domain |
Domain allowed access. | No |
Allow changing of the label of a filesystem with extended attributes using the context= mount option.
Parameter: | Description: | Optional: |
---|---|---|
domain |
Domain allowed access. | No |
Remount all filesystems. This allows some mount options to be changed.
Parameter: | Description: | Optional: |
---|---|---|
domain |
Domain allowed access. | No |
Remount an automount pseudo filesystem This allows some mount options to be changed.
Parameter: | Description: | Optional: |
---|---|---|
domain |
Domain allowed access. | No |
Remount a CIFS or SMB network filesystem. This allows some mount options to be changed.
Parameter: | Description: | Optional: |
---|---|---|
domain |
Domain allowed access. | No |
Remount a DOS filesystem, such as FAT32 or NTFS. This allows some mount options to be changed.
Parameter: | Description: | Optional: |
---|---|---|
domain |
Domain allowed access. | No |
Remount an iso9660 filesystem, which is usually used on CDs. This allows some mount options to be changed.
Parameter: | Description: | Optional: |
---|---|---|
domain |
Domain allowed access. | No |
Remount a NFS filesystem. This allows some mount options to be changed.
Parameter: | Description: | Optional: |
---|---|---|
domain |
Domain allowed access. | No |
Mount a NFS server pseudo filesystem. This allows some mount options to be changed.
Parameter: | Description: | Optional: |
---|---|---|
domain |
Domain allowed access. | No |
Remount a RAM filesystem. This allows some mount options to be changed.
Parameter: | Description: | Optional: |
---|---|---|
domain |
Domain allowed access. | No |
Remount a ROM filesystem. This allows some mount options to be changed.
Parameter: | Description: | Optional: |
---|---|---|
domain |
Domain allowed access. | No |
Remount a RPC pipe filesystem. This allows some mount option to be changed.
Parameter: | Description: | Optional: |
---|---|---|
domain |
Domain allowed access. | No |
Remount a tmpfs filesystem.
Parameter: | Description: | Optional: |
---|---|---|
domain |
Domain allowed access. | No |
Remount a persistent filesystem which has extended attributes, such as ext3, JFS, or XFS. This allows some mount options to be changed.
Parameter: | Description: | Optional: |
---|---|---|
domain |
Domain allowed access. | No |
Read/wrie files of anon_inodefs file system files.
Parameter: | Description: | Optional: |
---|---|---|
domain |
Domain allowed access. | No |
Read and write files on hugetlbfs files file systems.
Parameter: | Description: | Optional: |
---|---|---|
domain |
Domain allowed access. | No |
Read and write NFS server files.
Parameter: | Description: | Optional: |
---|---|---|
domain |
Domain allowed access. | No |
Read and write a named pipe on a ramfs filesystem.
Parameter: | Description: | Optional: |
---|---|---|
domain |
Domain allowed access. | No |
Read and write RPC pipe filesystem named pipes.
Parameter: | Description: | Optional: |
---|---|---|
domain |
Domain allowed access. | No |
Read and write sockets of RPC file system pipes.
Parameter: | Description: | Optional: |
---|---|---|
domain |
Domain allowed access. | No |
Read and write block nodes on tmpfs filesystems.
Parameter: | Description: | Optional: |
---|---|---|
domain |
Domain allowed access. | No |
Read and write character nodes on tmpfs filesystems.
Parameter: | Description: | Optional: |
---|---|---|
domain |
Domain allowed access. | No |
Read and write generic tmpfs files.
Parameter: | Description: | Optional: |
---|---|---|
domain |
Domain allowed access. | No |
Search all directories with a filesystem type.
Parameter: | Description: | Optional: |
---|---|---|
domain |
Domain allowed access. | No |
Search automount filesystem to use automatically mounted filesystems.
Parameter: | Description: | Optional: |
---|---|---|
domain |
Domain allowed access. | No |
Search directories on a CIFS or SMB filesystem.
Parameter: | Description: | Optional: |
---|---|---|
domain |
Domain allowed access. | No |
Search directories on a FUSEFS filesystem.
Parameter: | Description: | Optional: |
---|---|---|
domain |
Domain allowed access. | No |
Search inotifyfs filesystem.
Parameter: | Description: | Optional: |
---|---|---|
domain |
Domain allowed access. | No |
Search directories on a NFS filesystem.
Parameter: | Description: | Optional: |
---|---|---|
domain |
Domain allowed access. | No |
Search NFS server directories.
Parameter: | Description: | Optional: |
---|---|---|
domain |
Domain allowed access. | No |
Search directories on a ramfs
Parameter: | Description: | Optional: |
---|---|---|
domain |
Domain allowed access. | No |
Search removable storage directories.
Parameter: | Description: | Optional: |
---|---|---|
domain |
Domain allowed access. | No |
Search directories of RPC file system pipes.
Parameter: | Description: | Optional: |
---|---|---|
domain |
Domain allowed access. | No |
Search tmpfs directories.
Parameter: | Description: | Optional: |
---|---|---|
domain |
Domain allowed access. | No |
Set the quotas of all filesystems.
Parameter: | Description: | Optional: |
---|---|---|
domain |
The type of the domain setting quotas. | No |
Set the filesystem quotas of a filesystem with extended attributes.
Parameter: | Description: | Optional: |
---|---|---|
domain |
Domain allowed access. | No |
Set the attributes of tmpfs directories.
Parameter: | Description: | Optional: |
---|---|---|
domain |
Domain allowed access. | No |
Create an object in a tmpfs filesystem, with a private type using a type transition.
Parameter: | Description: | Optional: |
---|---|---|
domain |
Domain allowed access. | No |
private type |
The type of the object to be created. | No |
object |
The object class of the object being created. | No |
Transform specified type into a filesystem type.
Parameter: | Description: | Optional: |
---|---|---|
domain |
Domain allowed access. | No |
Unconfined access to filesystems
Parameter: | Description: | Optional: |
---|---|---|
domain |
Domain allowed access. | No |
Unmount all filesystems.
Parameter: | Description: | Optional: |
---|---|---|
domain |
Domain allowed access. | No |
Unmount an automount pseudo filesystem.
Parameter: | Description: | Optional: |
---|---|---|
domain |
Domain allowed access. | No |
Unmount a CIFS or SMB network filesystem.
Parameter: | Description: | Optional: |
---|---|---|
domain |
Domain allowed access. | No |
Unmount a DOS filesystem, such as FAT32 or NTFS.
Parameter: | Description: | Optional: |
---|---|---|
domain |
Domain allowed access. | No |
Unmount an iso9660 filesystem, which is usually used on CDs.
Parameter: | Description: | Optional: |
---|---|---|
domain |
Domain allowed access. | No |
Unmount a NFS filesystem.
Parameter: | Description: | Optional: |
---|---|---|
domain |
Domain allowed access. | No |
Unmount a NFS server pseudo filesystem.
Parameter: | Description: | Optional: |
---|---|---|
domain |
Domain allowed access. | No |
Unmount a RAM filesystem.
Parameter: | Description: | Optional: |
---|---|---|
domain |
Domain allowed access. | No |
Unmount a ROM filesystem.
Parameter: | Description: | Optional: |
---|---|---|
domain |
Domain allowed access. | No |
Unmount a RPC pipe filesystem.
Parameter: | Description: | Optional: |
---|---|---|
domain |
Domain allowed access. | No |
Unmount a tmpfs filesystem.
Parameter: | Description: | Optional: |
---|---|---|
domain |
Domain allowed access. | No |
Unmount a persistent filesystem which has extended attributes, such as ext3, JFS, or XFS.
Parameter: | Description: | Optional: |
---|---|---|
domain |
Domain allowed access. | No |
Read files on a NFS filesystem.
Parameter: | Description: | Optional: |
---|---|---|
domain |
Domain allowed access. | No |
Write to named pipe on a ramfs filesystem.
Parameter: | Description: | Optional: |
---|---|---|
domain |
Domain allowed access. | No |
Write to named socket on a ramfs filesystem.
Parameter: | Description: | Optional: |
---|---|---|
domain |
Domain allowed access. | No |