|
Server : Apache System : Linux server.mata-lashes.com 3.10.0-1160.90.1.el7.x86_64 #1 SMP Thu May 4 15:21:22 UTC 2023 x86_64 User : matalashes ( 1004) PHP Version : 8.1.29 Disable Function : NONE Directory : /proc/17567/root/usr/share/selinux/devel/include/roles/ |
Upload File : |
## <summary>General system administration role</summary> ######################################## ## <summary> ## Change to the system administrator role. ## </summary> ## <param name="role"> ## <summary> ## Role allowed access. ## </summary> ## </param> ## <rolecap/> # interface(`sysadm_role_change',` gen_require(` role sysadm_r; ') allow $1 sysadm_r; ') ######################################## ## <summary> ## Change from the system administrator role. ## </summary> ## <desc> ## <p> ## Change from the system administrator role to ## the specified role. ## </p> ## <p> ## This is an interface to support third party modules ## and its use is not allowed in upstream reference ## policy. ## </p> ## </desc> ## <param name="role"> ## <summary> ## Role allowed access. ## </summary> ## </param> ## <rolecap/> # interface(`sysadm_role_change_to',` gen_require(` role sysadm_r; ') allow sysadm_r $1; ') ######################################## ## <summary> ## Execute a shell in the sysadm domain. ## </summary> ## <param name="domain"> ## <summary> ## Domain allowed access. ## </summary> ## </param> # interface(`sysadm_shell_domtrans',` gen_require(` type sysadm_t; ') corecmd_shell_domtrans($1, sysadm_t) allow sysadm_t $1:fd use; allow sysadm_t $1:fifo_file rw_file_perms; allow sysadm_t $1:process sigchld; ') ####################################### ## <summary> ## sysadm stub interface. No access allowed. ## </summary> ## <param name="domain" unused="true"> ## <summary> ## Domain allowed access ## </summary> ## </param> # interface(`sysadm_stub',` gen_require(` type sysadm_t; role sysadm_r; ') ') ######################################## ## <summary> ## Execute a generic bin program in the sysadm domain. ## </summary> ## <param name="domain"> ## <summary> ## Domain allowed access. ## </summary> ## </param> # interface(`sysadm_bin_spec_domtrans',` gen_require(` type sysadm_t; ') corecmd_bin_spec_domtrans($1, sysadm_t) allow sysadm_t $1:fd use; allow sysadm_t $1:fifo_file rw_file_perms; allow sysadm_t $1:process sigchld; ') ######################################## ## <summary> ## Execute all entrypoint files in the sysadm domain. This ## is an explicit transition, requiring the ## caller to use setexeccon(). ## </summary> ## <param name="domain"> ## <summary> ## Domain allowed access. ## </summary> ## </param> # interface(`sysadm_entry_spec_domtrans',` gen_require(` type sysadm_t; ') domain_entry_file_spec_domtrans($1, sysadm_t) allow sysadm_t $1:fd use; allow sysadm_t $1:fifo_file rw_file_perms; allow sysadm_t $1:process sigchld; ') ######################################## ## <summary> ## Allow sysadm to execute all entrypoint files in ## a specified domain. This is an explicit transition, ## requiring the caller to use setexeccon(). ## </summary> ## <desc> ## <p> ## Allow sysadm to execute all entrypoint files in ## a specified domain. This is an explicit transition, ## requiring the caller to use setexeccon(). ## </p> ## <p> ## This is a interface to support third party modules ## and its use is not allowed in upstream reference ## policy. ## </p> ## </desc> ## <param name="domain"> ## <summary> ## Domain allowed access. ## </summary> ## </param> # interface(`sysadm_entry_spec_domtrans_to',` gen_require(` type sysadm_t; ') domain_entry_file_spec_domtrans(sysadm_t, $1) allow $1 sysadm_t:fd use; allow $1 sysadm_t:fifo_file rw_file_perms; allow $1 sysadm_t:process sigchld; ') ######################################## ## <summary> ## Allow sysadm to execute a generic bin program in ## a specified domain. This is an explicit transition, ## requiring the caller to use setexeccon(). ## </summary> ## <desc> ## <p> ## Allow sysadm to execute a generic bin program in ## a specified domain. ## </p> ## <p> ## This is a interface to support third party modules ## and its use is not allowed in upstream reference ## policy. ## </p> ## </desc> ## <param name="domain"> ## <summary> ## Domain to execute in. ## </summary> ## </param> # interface(`sysadm_bin_spec_domtrans_to',` gen_require(` type sysadm_t; ') corecmd_bin_spec_domtrans(sysadm_t, $1) allow $1 sysadm_t:fd use; allow $1 sysadm_t:fifo_file rw_file_perms; allow $1 sysadm_t:process sigchld; ') ######################################## ## <summary> ## Send a SIGCHLD signal to sysadm users. ## </summary> ## <param name="domain"> ## <summary> ## Domain allowed access. ## </summary> ## </param> # interface(`sysadm_sigchld',` gen_require(` type sysadm_t; ') allow $1 sysadm_t:process sigchld; ') ######################################## ## <summary> ## Inherit and use sysadm file descriptors ## </summary> ## <param name="domain"> ## <summary> ## Domain allowed access. ## </summary> ## </param> # interface(`sysadm_use_fds',` gen_require(` type sysadm_t; ') allow $1 sysadm_t:fd use; ') ######################################## ## <summary> ## Read and write sysadm user unnamed pipes. ## </summary> ## <param name="domain"> ## <summary> ## Domain allowed access. ## </summary> ## </param> # interface(`sysadm_rw_pipes',` gen_require(` type sysadm_t; ') allow $1 sysadm_t:fifo_file rw_fifo_file_perms; ')