diff options
| -rw-r--r-- | doc/policy.xml | 1750 |
1 files changed, 944 insertions, 806 deletions
diff --git a/doc/policy.xml b/doc/policy.xml index ed1c8ef5..ec78d338 100644 --- a/doc/policy.xml +++ b/doc/policy.xml @@ -2455,7 +2455,17 @@ Domain to not audit. </summary> </param> </interface> -<interface name="portage_dontaudit_search_tmp" lineno="338"> +<interface name="portage_dontaudit_use_inherited_ptys" lineno="337"> +<summary> +Do not audit attempts to read and write inherited portage ptys. +</summary> +<param name="domain"> +<summary> +Domain allowed access. +</summary> +</param> +</interface> +<interface name="portage_dontaudit_search_tmp" lineno="356"> <summary> Do not audit attempts to search the portage temporary directories. @@ -2466,7 +2476,7 @@ Domain to not audit. </summary> </param> </interface> -<interface name="portage_dontaudit_rw_tmp_files" lineno="357"> +<interface name="portage_dontaudit_rw_tmp_files" lineno="375"> <summary> Do not audit attempts to read and write the portage temporary files. @@ -2477,7 +2487,7 @@ Domain to not audit. </summary> </param> </interface> -<interface name="portage_eselect_module" lineno="382"> +<interface name="portage_eselect_module" lineno="400"> <summary> Allow the domain to run within an eselect module script. </summary> @@ -2487,7 +2497,7 @@ Domain to allow within an eselect module </summary> </param> </interface> -<interface name="portage_ro_role" lineno="405"> +<interface name="portage_ro_role" lineno="423"> <summary> Read all portage files </summary> @@ -2502,7 +2512,7 @@ Domain allowed access </summary> </param> </interface> -<interface name="portage_read_db" lineno="425"> +<interface name="portage_read_db" lineno="443"> <summary> Read portage db files </summary> @@ -2512,7 +2522,7 @@ Domain allowed access </summary> </param> </interface> -<interface name="portage_read_cache" lineno="445"> +<interface name="portage_read_cache" lineno="463"> <summary> Read portage cache files </summary> @@ -2522,7 +2532,7 @@ Domain allowed access </summary> </param> </interface> -<interface name="portage_read_config" lineno="466"> +<interface name="portage_read_config" lineno="484"> <summary> Read portage configuration files </summary> @@ -2532,7 +2542,7 @@ Domain allowed access </summary> </param> </interface> -<interface name="portage_read_ebuild" lineno="488"> +<interface name="portage_read_ebuild" lineno="506"> <summary> Read portage ebuild files </summary> @@ -2542,7 +2552,7 @@ Domain allowed access </summary> </param> </interface> -<interface name="portage_read_log" lineno="510"> +<interface name="portage_read_log" lineno="528"> <summary> Read portage log files </summary> @@ -2552,7 +2562,7 @@ Domain allowed access </summary> </param> </interface> -<interface name="portage_read_srcrepo" lineno="529"> +<interface name="portage_read_srcrepo" lineno="547"> <summary> Read portage src repository files </summary> @@ -2562,7 +2572,7 @@ Domain allowed access </summary> </param> </interface> -<interface name="portage_dontaudit_write_cache" lineno="551"> +<interface name="portage_dontaudit_write_cache" lineno="569"> <summary> Do not audit writing portage cache files </summary> @@ -61051,7 +61061,18 @@ Domain not to audit. </param> </interface> -<interface name="files_mounton_all_mountpoints" lineno="1726"> +<interface name="files_relabel_config_symlinks" lineno="1727"> +<summary> +Relabel configuration symlinks. +</summary> +<param name="domain"> +<summary> +Domain allowed access. +</summary> +</param> + +</interface> +<interface name="files_mounton_all_mountpoints" lineno="1745"> <summary> Mount a filesystem on all mount points. </summary> @@ -61061,7 +61082,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="files_getattr_all_mountpoints" lineno="1747"> +<interface name="files_getattr_all_mountpoints" lineno="1766"> <summary> Get the attributes of all mount points. </summary> @@ -61071,7 +61092,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="files_setattr_all_mountpoints" lineno="1765"> +<interface name="files_setattr_all_mountpoints" lineno="1784"> <summary> Set the attributes of all mount points. </summary> @@ -61081,7 +61102,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="files_dontaudit_setattr_all_mountpoints" lineno="1783"> +<interface name="files_dontaudit_setattr_all_mountpoints" lineno="1802"> <summary> Do not audit attempts to set the attributes on all mount points. </summary> @@ -61091,7 +61112,7 @@ Domain to not audit. </summary> </param> </interface> -<interface name="files_search_all_mountpoints" lineno="1801"> +<interface name="files_search_all_mountpoints" lineno="1820"> <summary> Search all mount points. </summary> @@ -61101,7 +61122,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="files_dontaudit_search_all_mountpoints" lineno="1819"> +<interface name="files_dontaudit_search_all_mountpoints" lineno="1838"> <summary> Do not audit searching of all mount points. </summary> @@ -61111,7 +61132,7 @@ Domain to not audit. </summary> </param> </interface> -<interface name="files_list_all_mountpoints" lineno="1837"> +<interface name="files_list_all_mountpoints" lineno="1856"> <summary> List all mount points. </summary> @@ -61121,7 +61142,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="files_dontaudit_list_all_mountpoints" lineno="1855"> +<interface name="files_dontaudit_list_all_mountpoints" lineno="1874"> <summary> Do not audit listing of all mount points. </summary> @@ -61131,7 +61152,7 @@ Domain to not audit. </summary> </param> </interface> -<interface name="files_watch_all_mountpoints" lineno="1873"> +<interface name="files_watch_all_mountpoints" lineno="1892"> <summary> Watch all mountpoints. </summary> @@ -61141,7 +61162,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="files_watch_all_mount_perm" lineno="1891"> +<interface name="files_watch_all_mount_perm" lineno="1910"> <summary> Watch all mountpoints. </summary> @@ -61151,7 +61172,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="files_write_all_mountpoints" lineno="1909"> +<interface name="files_write_all_mountpoints" lineno="1928"> <summary> Check if all mountpoints are writable. </summary> @@ -61161,7 +61182,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="files_dontaudit_write_all_mountpoints" lineno="1927"> +<interface name="files_dontaudit_write_all_mountpoints" lineno="1946"> <summary> Do not audit attempts to write to mount points. </summary> @@ -61171,7 +61192,7 @@ Domain to not audit. </summary> </param> </interface> -<interface name="files_list_root" lineno="1945"> +<interface name="files_list_root" lineno="1964"> <summary> List the contents of the root directory. </summary> @@ -61181,7 +61202,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="files_delete_root_symlinks" lineno="1965"> +<interface name="files_delete_root_symlinks" lineno="1984"> <summary> Delete symbolic links in the root directory. @@ -61192,7 +61213,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="files_dontaudit_write_root_dirs" lineno="1983"> +<interface name="files_dontaudit_write_root_dirs" lineno="2002"> <summary> Do not audit attempts to write to / dirs. </summary> @@ -61202,7 +61223,7 @@ Domain to not audit. </summary> </param> </interface> -<interface name="files_dontaudit_rw_root_dir" lineno="2002"> +<interface name="files_dontaudit_rw_root_dir" lineno="2021"> <summary> Do not audit attempts to write files in the root directory. @@ -61213,7 +61234,7 @@ Domain to not audit. </summary> </param> </interface> -<interface name="files_watch_root_dirs" lineno="2020"> +<interface name="files_watch_root_dirs" lineno="2039"> <summary> Watch the root directory. </summary> @@ -61223,7 +61244,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="files_root_filetrans" lineno="2054"> +<interface name="files_root_filetrans" lineno="2073"> <summary> Create an object in the root directory, with a private type using a type transition. @@ -61249,7 +61270,7 @@ The name of the object being created. </summary> </param> </interface> -<interface name="files_dontaudit_read_root_files" lineno="2073"> +<interface name="files_dontaudit_read_root_files" lineno="2092"> <summary> Do not audit attempts to read files in the root directory. @@ -61260,7 +61281,7 @@ Domain to not audit. </summary> </param> </interface> -<interface name="files_dontaudit_rw_root_files" lineno="2092"> +<interface name="files_dontaudit_rw_root_files" lineno="2111"> <summary> Do not audit attempts to read or write files in the root directory. @@ -61271,7 +61292,7 @@ Domain to not audit. </summary> </param> </interface> -<interface name="files_dontaudit_rw_root_chr_files" lineno="2111"> +<interface name="files_dontaudit_rw_root_chr_files" lineno="2130"> <summary> Do not audit attempts to read or write character device nodes in the root directory. @@ -61282,7 +61303,7 @@ Domain to not audit. </summary> </param> </interface> -<interface name="files_delete_root_chr_files" lineno="2130"> +<interface name="files_delete_root_chr_files" lineno="2149"> <summary> Delete character device nodes in the root directory. @@ -61293,7 +61314,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="files_delete_root_files" lineno="2148"> +<interface name="files_delete_root_files" lineno="2167"> <summary> Delete files in the root directory. </summary> @@ -61303,7 +61324,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="files_exec_root_files" lineno="2166"> +<interface name="files_exec_root_files" lineno="2185"> <summary> Execute files in the root directory. </summary> @@ -61313,7 +61334,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="files_delete_root_dir_entry" lineno="2184"> +<interface name="files_delete_root_dir_entry" lineno="2203"> <summary> Remove entries from the root directory. </summary> @@ -61323,7 +61344,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="files_manage_root_dir" lineno="2202"> +<interface name="files_manage_root_dir" lineno="2221"> <summary> Manage the root directory. </summary> @@ -61333,7 +61354,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="files_getattr_rootfs" lineno="2221"> +<interface name="files_getattr_rootfs" lineno="2240"> <summary> Get the attributes of a rootfs file system. @@ -61344,7 +61365,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="files_associate_rootfs" lineno="2239"> +<interface name="files_associate_rootfs" lineno="2258"> <summary> Associate to root file system. </summary> @@ -61354,7 +61375,7 @@ Type of the file to associate. </summary> </param> </interface> -<interface name="files_relabel_rootfs" lineno="2257"> +<interface name="files_relabel_rootfs" lineno="2276"> <summary> Relabel to and from rootfs file system. </summary> @@ -61364,7 +61385,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="files_unmount_rootfs" lineno="2275"> +<interface name="files_unmount_rootfs" lineno="2294"> <summary> Unmount a rootfs filesystem. </summary> @@ -61374,7 +61395,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="files_mounton_root" lineno="2293"> +<interface name="files_mounton_root" lineno="2312"> <summary> Mount on the root directory (/) </summary> @@ -61384,7 +61405,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="files_getattr_boot_fs" lineno="2312"> +<interface name="files_getattr_boot_fs" lineno="2331"> <summary> Get the attributes of a filesystem mounted on /boot. @@ -61395,7 +61416,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="files_remount_boot" lineno="2330"> +<interface name="files_remount_boot" lineno="2349"> <summary> Remount a filesystem mounted on /boot. </summary> @@ -61405,7 +61426,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="files_getattr_boot_dirs" lineno="2348"> +<interface name="files_getattr_boot_dirs" lineno="2367"> <summary> Get attributes of the /boot directory. </summary> @@ -61415,7 +61436,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="files_dontaudit_getattr_boot_dirs" lineno="2367"> +<interface name="files_dontaudit_getattr_boot_dirs" lineno="2386"> <summary> Do not audit attempts to get attributes of the /boot directory. @@ -61426,7 +61447,7 @@ Domain to not audit. </summary> </param> </interface> -<interface name="files_search_boot" lineno="2385"> +<interface name="files_search_boot" lineno="2404"> <summary> Search the /boot directory. </summary> @@ -61436,7 +61457,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="files_dontaudit_search_boot" lineno="2403"> +<interface name="files_dontaudit_search_boot" lineno="2422"> <summary> Do not audit attempts to search the /boot directory. </summary> @@ -61446,7 +61467,7 @@ Domain to not audit. </summary> </param> </interface> -<interface name="files_list_boot" lineno="2421"> +<interface name="files_list_boot" lineno="2440"> <summary> List the /boot directory. </summary> @@ -61456,7 +61477,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="files_dontaudit_list_boot" lineno="2439"> +<interface name="files_dontaudit_list_boot" lineno="2458"> <summary> Do not audit attempts to list the /boot directory. </summary> @@ -61466,7 +61487,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="files_create_boot_dirs" lineno="2457"> +<interface name="files_create_boot_dirs" lineno="2476"> <summary> Create directories in /boot </summary> @@ -61476,7 +61497,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="files_manage_boot_dirs" lineno="2476"> +<interface name="files_manage_boot_dirs" lineno="2495"> <summary> Create, read, write, and delete directories in /boot. @@ -61487,7 +61508,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="files_boot_filetrans" lineno="2510"> +<interface name="files_boot_filetrans" lineno="2529"> <summary> Create a private type object in boot with an automatic type transition @@ -61513,7 +61534,7 @@ The name of the object being created. </summary> </param> </interface> -<interface name="files_read_boot_files" lineno="2529"> +<interface name="files_read_boot_files" lineno="2548"> <summary> read files in the /boot directory. </summary> @@ -61524,7 +61545,7 @@ Domain allowed access. </param> <rolecap/> </interface> -<interface name="files_manage_boot_files" lineno="2549"> +<interface name="files_manage_boot_files" lineno="2568"> <summary> Create, read, write, and delete files in the /boot directory. @@ -61536,7 +61557,7 @@ Domain allowed access. </param> <rolecap/> </interface> -<interface name="files_relabelfrom_boot_files" lineno="2567"> +<interface name="files_relabelfrom_boot_files" lineno="2586"> <summary> Relabel from files in the /boot directory. </summary> @@ -61546,7 +61567,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="files_read_boot_symlinks" lineno="2585"> +<interface name="files_read_boot_symlinks" lineno="2604"> <summary> Read symbolic links in the /boot directory. </summary> @@ -61556,7 +61577,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="files_rw_boot_symlinks" lineno="2604"> +<interface name="files_rw_boot_symlinks" lineno="2623"> <summary> Read and write symbolic links in the /boot directory. @@ -61567,7 +61588,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="files_manage_boot_symlinks" lineno="2624"> +<interface name="files_manage_boot_symlinks" lineno="2643"> <summary> Create, read, write, and delete symbolic links in the /boot directory. @@ -61578,7 +61599,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="files_read_kernel_img" lineno="2642"> +<interface name="files_read_kernel_img" lineno="2661"> <summary> Read kernel files in the /boot directory. </summary> @@ -61588,7 +61609,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="files_create_kernel_img" lineno="2663"> +<interface name="files_create_kernel_img" lineno="2682"> <summary> Install a kernel into the /boot directory. </summary> @@ -61599,7 +61620,7 @@ Domain allowed access. </param> <rolecap/> </interface> -<interface name="files_delete_kernel" lineno="2683"> +<interface name="files_delete_kernel" lineno="2702"> <summary> Delete a kernel from /boot. </summary> @@ -61610,7 +61631,7 @@ Domain allowed access. </param> <rolecap/> </interface> -<interface name="files_getattr_default_dirs" lineno="2701"> +<interface name="files_getattr_default_dirs" lineno="2720"> <summary> Getattr of directories with the default file type. </summary> @@ -61620,7 +61641,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="files_dontaudit_getattr_default_dirs" lineno="2720"> +<interface name="files_dontaudit_getattr_default_dirs" lineno="2739"> <summary> Do not audit attempts to get the attributes of directories with the default file type. @@ -61631,7 +61652,7 @@ Domain to not audit. </summary> </param> </interface> -<interface name="files_search_default" lineno="2738"> +<interface name="files_search_default" lineno="2757"> <summary> Search the contents of directories with the default file type. </summary> @@ -61641,7 +61662,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="files_list_default" lineno="2756"> +<interface name="files_list_default" lineno="2775"> <summary> List contents of directories with the default file type. </summary> @@ -61651,7 +61672,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="files_dontaudit_list_default" lineno="2775"> +<interface name="files_dontaudit_list_default" lineno="2794"> <summary> Do not audit attempts to list contents of directories with the default file type. @@ -61662,7 +61683,7 @@ Domain to not audit. </summary> </param> </interface> -<interface name="files_manage_default_dirs" lineno="2794"> +<interface name="files_manage_default_dirs" lineno="2813"> <summary> Create, read, write, and delete directories with the default file type. @@ -61673,7 +61694,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="files_mounton_default" lineno="2812"> +<interface name="files_mounton_default" lineno="2831"> <summary> Mount a filesystem on a directory with the default file type. </summary> @@ -61683,7 +61704,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="files_dontaudit_getattr_default_files" lineno="2831"> +<interface name="files_dontaudit_getattr_default_files" lineno="2850"> <summary> Do not audit attempts to get the attributes of files with the default file type. @@ -61694,7 +61715,7 @@ Domain to not audit. </summary> </param> </interface> -<interface name="files_read_default_files" lineno="2849"> +<interface name="files_read_default_files" lineno="2868"> <summary> Read files with the default file type. </summary> @@ -61704,7 +61725,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="files_dontaudit_read_default_files" lineno="2868"> +<interface name="files_dontaudit_read_default_files" lineno="2887"> <summary> Do not audit attempts to read files with the default file type. @@ -61715,7 +61736,7 @@ Domain to not audit. </summary> </param> </interface> -<interface name="files_manage_default_files" lineno="2887"> +<interface name="files_manage_default_files" lineno="2906"> <summary> Create, read, write, and delete files with the default file type. @@ -61726,7 +61747,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="files_read_default_symlinks" lineno="2905"> +<interface name="files_read_default_symlinks" lineno="2924"> <summary> Read symbolic links with the default file type. </summary> @@ -61736,7 +61757,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="files_read_default_sockets" lineno="2923"> +<interface name="files_read_default_sockets" lineno="2942"> <summary> Read sockets with the default file type. </summary> @@ -61746,7 +61767,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="files_read_default_pipes" lineno="2941"> +<interface name="files_read_default_pipes" lineno="2960"> <summary> Read named pipes with the default file type. </summary> @@ -61756,7 +61777,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="files_search_etc" lineno="2959"> +<interface name="files_search_etc" lineno="2978"> <summary> Search the contents of /etc directories. </summary> @@ -61766,7 +61787,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="files_setattr_etc_dirs" lineno="2977"> +<interface name="files_setattr_etc_dirs" lineno="2996"> <summary> Set the attributes of the /etc directories. </summary> @@ -61776,7 +61797,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="files_list_etc" lineno="2995"> +<interface name="files_list_etc" lineno="3014"> <summary> List the contents of /etc directories. </summary> @@ -61786,7 +61807,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="files_dontaudit_write_etc_dirs" lineno="3013"> +<interface name="files_dontaudit_write_etc_dirs" lineno="3032"> <summary> Do not audit attempts to write to /etc dirs. </summary> @@ -61796,7 +61817,7 @@ Domain to not audit. </summary> </param> </interface> -<interface name="files_rw_etc_dirs" lineno="3031"> +<interface name="files_rw_etc_dirs" lineno="3050"> <summary> Add and remove entries from /etc directories. </summary> @@ -61806,7 +61827,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="files_manage_etc_dirs" lineno="3050"> +<interface name="files_manage_etc_dirs" lineno="3069"> <summary> Manage generic directories in /etc </summary> @@ -61817,7 +61838,7 @@ Domain allowed access </param> </interface> -<interface name="files_relabelto_etc_dirs" lineno="3068"> +<interface name="files_relabelto_etc_dirs" lineno="3087"> <summary> Relabel directories to etc_t. </summary> @@ -61827,7 +61848,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="files_mounton_etc_dirs" lineno="3087"> +<interface name="files_mounton_etc_dirs" lineno="3106"> <summary> Mount a filesystem on the etc directories. @@ -61838,7 +61859,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="files_remount_etc" lineno="3105"> +<interface name="files_remount_etc" lineno="3124"> <summary> Remount etc filesystems. </summary> @@ -61848,7 +61869,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="files_watch_etc_dirs" lineno="3123"> +<interface name="files_watch_etc_dirs" lineno="3142"> <summary> Watch /etc directories </summary> @@ -61858,7 +61879,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="files_read_etc_files" lineno="3175"> +<interface name="files_read_etc_files" lineno="3194"> <summary> Read generic files in /etc. </summary> @@ -61902,7 +61923,7 @@ Domain allowed access. </param> <infoflow type="read" weight="10"/> </interface> -<interface name="files_map_etc_files" lineno="3207"> +<interface name="files_map_etc_files" lineno="3226"> <summary> Map generic files in /etc. </summary> @@ -61924,7 +61945,7 @@ Domain allowed access. </param> <infoflow type="read" weight="10"/> </interface> -<interface name="files_dontaudit_write_etc_files" lineno="3225"> +<interface name="files_dontaudit_write_etc_files" lineno="3244"> <summary> Do not audit attempts to write generic files in /etc. </summary> @@ -61934,7 +61955,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="files_rw_etc_files" lineno="3244"> +<interface name="files_rw_etc_files" lineno="3263"> <summary> Read and write generic files in /etc. </summary> @@ -61945,7 +61966,7 @@ Domain allowed access. </param> <rolecap/> </interface> -<interface name="files_manage_etc_files" lineno="3266"> +<interface name="files_manage_etc_files" lineno="3285"> <summary> Create, read, write, and delete generic files in /etc. @@ -61957,7 +61978,7 @@ Domain allowed access. </param> <rolecap/> </interface> -<interface name="files_dontaudit_manage_etc_files" lineno="3287"> +<interface name="files_dontaudit_manage_etc_files" lineno="3306"> <summary> Do not audit attempts to create, read, write, and delete generic files in /etc. @@ -61969,7 +61990,7 @@ Domain to not audit. </param> <rolecap/> </interface> -<interface name="files_delete_etc_files" lineno="3305"> +<interface name="files_delete_etc_files" lineno="3324"> <summary> Delete system configuration files in /etc. </summary> @@ -61979,7 +62000,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="files_exec_etc_files" lineno="3323"> +<interface name="files_exec_etc_files" lineno="3342"> <summary> Execute generic files in /etc. </summary> @@ -61989,7 +62010,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="files_watch_etc_files" lineno="3343"> +<interface name="files_watch_etc_files" lineno="3362"> <summary> Watch /etc files. </summary> @@ -61999,7 +62020,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="files_get_etc_unit_status" lineno="3361"> +<interface name="files_get_etc_unit_status" lineno="3380"> <summary> Get etc_t service status. </summary> @@ -62009,7 +62030,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="files_start_etc_service" lineno="3380"> +<interface name="files_start_etc_service" lineno="3399"> <summary> start etc_t service </summary> @@ -62019,7 +62040,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="files_stop_etc_service" lineno="3399"> +<interface name="files_stop_etc_service" lineno="3418"> <summary> stop etc_t service </summary> @@ -62029,7 +62050,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="files_relabel_etc_files" lineno="3418"> +<interface name="files_relabel_etc_files" lineno="3437"> <summary> Relabel from and to generic files in /etc. </summary> @@ -62039,7 +62060,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="files_read_etc_symlinks" lineno="3437"> +<interface name="files_read_etc_symlinks" lineno="3456"> <summary> Read symbolic links in /etc. </summary> @@ -62049,7 +62070,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="files_watch_etc_symlinks" lineno="3455"> +<interface name="files_watch_etc_symlinks" lineno="3474"> <summary> Watch /etc symlinks </summary> @@ -62059,7 +62080,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="files_manage_etc_symlinks" lineno="3473"> +<interface name="files_manage_etc_symlinks" lineno="3492"> <summary> Create, read, write, and delete symbolic links in /etc. </summary> @@ -62069,7 +62090,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="files_etc_filetrans" lineno="3507"> +<interface name="files_etc_filetrans" lineno="3526"> <summary> Create objects in /etc with a private type using a type_transition. @@ -62095,7 +62116,7 @@ The name of the object being created. </summary> </param> </interface> -<interface name="files_create_boot_flag" lineno="3537"> +<interface name="files_create_boot_flag" lineno="3556"> <summary> Create a boot flag. </summary> @@ -62117,7 +62138,7 @@ The name of the object being created. </param> <rolecap/> </interface> -<interface name="files_delete_boot_flag" lineno="3563"> +<interface name="files_delete_boot_flag" lineno="3582"> <summary> Delete a boot flag. </summary> @@ -62134,7 +62155,7 @@ Domain allowed access. </param> <rolecap/> </interface> -<interface name="files_getattr_etc_runtime_dirs" lineno="3582"> +<interface name="files_getattr_etc_runtime_dirs" lineno="3601"> <summary> Get the attributes of the etc_runtime directories. @@ -62145,7 +62166,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="files_mounton_etc_runtime_dirs" lineno="3601"> +<interface name="files_mounton_etc_runtime_dirs" lineno="3620"> <summary> Mount a filesystem on the etc_runtime directories. @@ -62156,7 +62177,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="files_relabelto_etc_runtime_dirs" lineno="3619"> +<interface name="files_relabelto_etc_runtime_dirs" lineno="3638"> <summary> Relabel to etc_runtime_t dirs. </summary> @@ -62166,7 +62187,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="files_dontaudit_setattr_etc_runtime_files" lineno="3637"> +<interface name="files_dontaudit_setattr_etc_runtime_files" lineno="3656"> <summary> Do not audit attempts to set the attributes of the etc_runtime files </summary> @@ -62176,7 +62197,7 @@ Domain to not audit. </summary> </param> </interface> -<interface name="files_read_etc_runtime_files" lineno="3675"> +<interface name="files_read_etc_runtime_files" lineno="3694"> <summary> Read files in /etc that are dynamically created on boot, such as mtab. @@ -62206,7 +62227,7 @@ Domain allowed access. <infoflow type="read" weight="10" /> <rolecap/> </interface> -<interface name="files_dontaudit_read_etc_runtime_files" lineno="3697"> +<interface name="files_dontaudit_read_etc_runtime_files" lineno="3716"> <summary> Do not audit attempts to read files in /etc that are dynamically @@ -62218,7 +62239,7 @@ Domain to not audit. </summary> </param> </interface> -<interface name="files_dontaudit_read_etc_files" lineno="3716"> +<interface name="files_dontaudit_read_etc_files" lineno="3735"> <summary> Do not audit attempts to read files in /etc @@ -62229,7 +62250,7 @@ Domain to not audit. </summary> </param> </interface> -<interface name="files_dontaudit_write_etc_runtime_files" lineno="3735"> +<interface name="files_dontaudit_write_etc_runtime_files" lineno="3754"> <summary> Do not audit attempts to write etc runtime files. @@ -62240,7 +62261,7 @@ Domain to not audit. </summary> </param> </interface> -<interface name="files_rw_etc_runtime_files" lineno="3755"> +<interface name="files_rw_etc_runtime_files" lineno="3774"> <summary> Read and write files in /etc that are dynamically created on boot, such as mtab. @@ -62252,7 +62273,7 @@ Domain allowed access. </param> <rolecap/> </interface> -<interface name="files_manage_etc_runtime_files" lineno="3777"> +<interface name="files_manage_etc_runtime_files" lineno="3796"> <summary> Create, read, write, and delete files in /etc that are dynamically created on boot, @@ -62265,7 +62286,7 @@ Domain allowed access. </param> <rolecap/> </interface> -<interface name="files_relabelto_etc_runtime_files" lineno="3795"> +<interface name="files_relabelto_etc_runtime_files" lineno="3814"> <summary> Relabel to etc_runtime_t files. </summary> @@ -62275,7 +62296,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="files_etc_filetrans_etc_runtime" lineno="3824"> +<interface name="files_etc_filetrans_etc_runtime" lineno="3843"> <summary> Create, etc runtime objects with an automatic type transition. @@ -62296,7 +62317,7 @@ The name of the object being created. </summary> </param> </interface> -<interface name="files_getattr_home_dir" lineno="3843"> +<interface name="files_getattr_home_dir" lineno="3862"> <summary> Get the attributes of the home directories root (/home). @@ -62307,7 +62328,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="files_dontaudit_getattr_home_dir" lineno="3864"> +<interface name="files_dontaudit_getattr_home_dir" lineno="3883"> <summary> Do not audit attempts to get the attributes of the home directories root @@ -62319,7 +62340,7 @@ Domain to not audit. </summary> </param> </interface> -<interface name="files_search_home" lineno="3883"> +<interface name="files_search_home" lineno="3902"> <summary> Search home directories root (/home). </summary> @@ -62329,7 +62350,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="files_dontaudit_search_home" lineno="3903"> +<interface name="files_dontaudit_search_home" lineno="3922"> <summary> Do not audit attempts to search home directories root (/home). @@ -62340,7 +62361,7 @@ Domain to not audit. </summary> </param> </interface> -<interface name="files_dontaudit_list_home" lineno="3923"> +<interface name="files_dontaudit_list_home" lineno="3942"> <summary> Do not audit attempts to list home directories root (/home). @@ -62351,7 +62372,7 @@ Domain to not audit. </summary> </param> </interface> -<interface name="files_list_home" lineno="3942"> +<interface name="files_list_home" lineno="3961"> <summary> Get listing of home directories. </summary> @@ -62361,7 +62382,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="files_relabelto_home" lineno="3961"> +<interface name="files_relabelto_home" lineno="3980"> <summary> Relabel to user home root (/home). </summary> @@ -62371,7 +62392,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="files_relabelfrom_home" lineno="3979"> +<interface name="files_relabelfrom_home" lineno="3998"> <summary> Relabel from user home root (/home). </summary> @@ -62381,7 +62402,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="files_watch_home" lineno="3997"> +<interface name="files_watch_home" lineno="4016"> <summary> Watch the user home root (/home). </summary> @@ -62391,7 +62412,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="files_home_filetrans" lineno="4030"> +<interface name="files_home_filetrans" lineno="4049"> <summary> Create objects in /home. </summary> @@ -62416,7 +62437,7 @@ The name of the object being created. </summary> </param> </interface> -<interface name="files_getattr_lost_found_dirs" lineno="4048"> +<interface name="files_getattr_lost_found_dirs" lineno="4067"> <summary> Get the attributes of lost+found directories. </summary> @@ -62426,7 +62447,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="files_dontaudit_getattr_lost_found_dirs" lineno="4067"> +<interface name="files_dontaudit_getattr_lost_found_dirs" lineno="4086"> <summary> Do not audit attempts to get the attributes of lost+found directories. @@ -62437,7 +62458,7 @@ Domain to not audit. </summary> </param> </interface> -<interface name="files_list_lost_found" lineno="4085"> +<interface name="files_list_lost_found" lineno="4104"> <summary> List the contents of lost+found directories. </summary> @@ -62447,7 +62468,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="files_manage_lost_found" lineno="4105"> +<interface name="files_manage_lost_found" lineno="4124"> <summary> Create, read, write, and delete objects in lost+found directories. @@ -62459,7 +62480,7 @@ Domain allowed access. </param> <rolecap/> </interface> -<interface name="files_search_mnt" lineno="4127"> +<interface name="files_search_mnt" lineno="4146"> <summary> Search the contents of /mnt. </summary> @@ -62469,7 +62490,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="files_dontaudit_search_mnt" lineno="4145"> +<interface name="files_dontaudit_search_mnt" lineno="4164"> <summary> Do not audit attempts to search /mnt. </summary> @@ -62479,7 +62500,7 @@ Domain to not audit. </summary> </param> </interface> -<interface name="files_list_mnt" lineno="4163"> +<interface name="files_list_mnt" lineno="4182"> <summary> List the contents of /mnt. </summary> @@ -62489,7 +62510,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="files_dontaudit_list_mnt" lineno="4181"> +<interface name="files_dontaudit_list_mnt" lineno="4200"> <summary> Do not audit attempts to list the contents of /mnt. </summary> @@ -62499,7 +62520,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="files_mounton_mnt" lineno="4199"> +<interface name="files_mounton_mnt" lineno="4218"> <summary> Mount a filesystem on /mnt. </summary> @@ -62509,7 +62530,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="files_manage_mnt_dirs" lineno="4218"> +<interface name="files_manage_mnt_dirs" lineno="4237"> <summary> Create, read, write, and delete directories in /mnt. </summary> @@ -62520,7 +62541,7 @@ Domain allowed access. </param> <rolecap/> </interface> -<interface name="files_manage_mnt_files" lineno="4236"> +<interface name="files_manage_mnt_files" lineno="4255"> <summary> Create, read, write, and delete files in /mnt. </summary> @@ -62530,7 +62551,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="files_read_mnt_files" lineno="4254"> +<interface name="files_read_mnt_files" lineno="4273"> <summary> read files in /mnt. </summary> @@ -62540,7 +62561,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="files_read_mnt_symlinks" lineno="4272"> +<interface name="files_read_mnt_symlinks" lineno="4291"> <summary> Read symbolic links in /mnt. </summary> @@ -62550,7 +62571,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="files_manage_mnt_symlinks" lineno="4290"> +<interface name="files_manage_mnt_symlinks" lineno="4309"> <summary> Create, read, write, and delete symbolic links in /mnt. </summary> @@ -62560,7 +62581,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="files_search_kernel_modules" lineno="4308"> +<interface name="files_search_kernel_modules" lineno="4327"> <summary> Search the contents of the kernel module directories. </summary> @@ -62570,7 +62591,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="files_list_kernel_modules" lineno="4327"> +<interface name="files_list_kernel_modules" lineno="4346"> <summary> List the contents of the kernel module directories. </summary> @@ -62580,7 +62601,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="files_getattr_kernel_modules" lineno="4346"> +<interface name="files_getattr_kernel_modules" lineno="4365"> <summary> Get the attributes of kernel module files. </summary> @@ -62590,7 +62611,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="files_read_kernel_modules" lineno="4364"> +<interface name="files_read_kernel_modules" lineno="4383"> <summary> Read kernel module files. </summary> @@ -62600,7 +62621,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="files_mmap_read_kernel_modules" lineno="4384"> +<interface name="files_mmap_read_kernel_modules" lineno="4403"> <summary> Read and mmap kernel module files. </summary> @@ -62610,7 +62631,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="files_write_kernel_modules" lineno="4405"> +<interface name="files_write_kernel_modules" lineno="4424"> <summary> Write kernel module files. </summary> @@ -62620,7 +62641,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="files_delete_kernel_modules" lineno="4424"> +<interface name="files_delete_kernel_modules" lineno="4443"> <summary> Delete kernel module files. </summary> @@ -62630,7 +62651,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="files_manage_kernel_modules" lineno="4444"> +<interface name="files_manage_kernel_modules" lineno="4463"> <summary> Create, read, write, and delete kernel module files. @@ -62642,7 +62663,7 @@ Domain allowed access. </param> <rolecap/> </interface> -<interface name="files_relabel_kernel_modules" lineno="4464"> +<interface name="files_relabel_kernel_modules" lineno="4483"> <summary> Relabel from and to kernel module files. </summary> @@ -62652,7 +62673,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="files_mounton_kernel_modules_dirs" lineno="4483"> +<interface name="files_mounton_kernel_modules_dirs" lineno="4502"> <summary> Mount on kernel module directories. </summary> @@ -62662,7 +62683,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="files_kernel_modules_filetrans" lineno="4517"> +<interface name="files_kernel_modules_filetrans" lineno="4536"> <summary> Create objects in the kernel module directories with a private type via an automatic type transition. @@ -62688,7 +62709,7 @@ The name of the object being created. </summary> </param> </interface> -<interface name="files_load_kernel_modules" lineno="4535"> +<interface name="files_load_kernel_modules" lineno="4554"> <summary> Load kernel module files. </summary> @@ -62698,7 +62719,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="files_dontaudit_load_kernel_modules" lineno="4554"> +<interface name="files_dontaudit_load_kernel_modules" lineno="4573"> <summary> Load kernel module files. </summary> @@ -62708,7 +62729,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="files_list_world_readable" lineno="4574"> +<interface name="files_list_world_readable" lineno="4593"> <summary> List world-readable directories. </summary> @@ -62719,7 +62740,7 @@ Domain allowed access. </param> <rolecap/> </interface> -<interface name="files_read_world_readable_files" lineno="4593"> +<interface name="files_read_world_readable_files" lineno="4612"> <summary> Read world-readable files. </summary> @@ -62730,7 +62751,7 @@ Domain allowed access. </param> <rolecap/> </interface> -<interface name="files_read_world_readable_symlinks" lineno="4612"> +<interface name="files_read_world_readable_symlinks" lineno="4631"> <summary> Read world-readable symbolic links. </summary> @@ -62741,7 +62762,7 @@ Domain allowed access. </param> <rolecap/> </interface> -<interface name="files_read_world_readable_pipes" lineno="4630"> +<interface name="files_read_world_readable_pipes" lineno="4649"> <summary> Read world-readable named pipes. </summary> @@ -62751,7 +62772,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="files_read_world_readable_sockets" lineno="4648"> +<interface name="files_read_world_readable_sockets" lineno="4667"> <summary> Read world-readable sockets. </summary> @@ -62761,7 +62782,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="files_associate_tmp" lineno="4668"> +<interface name="files_associate_tmp" lineno="4687"> <summary> Allow the specified type to associate to a filesystem with the type of the @@ -62773,7 +62794,7 @@ Type of the file to associate. </summary> </param> </interface> -<interface name="files_getattr_tmp_dirs" lineno="4686"> +<interface name="files_getattr_tmp_dirs" lineno="4705"> <summary> Get the attributes of the tmp directory (/tmp). </summary> @@ -62783,7 +62804,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="files_dontaudit_getattr_tmp_dirs" lineno="4705"> +<interface name="files_dontaudit_getattr_tmp_dirs" lineno="4724"> <summary> Do not audit attempts to get the attributes of the tmp directory (/tmp). @@ -62794,7 +62815,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="files_search_tmp" lineno="4723"> +<interface name="files_search_tmp" lineno="4742"> <summary> Search the tmp directory (/tmp). </summary> @@ -62804,7 +62825,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="files_dontaudit_search_tmp" lineno="4741"> +<interface name="files_dontaudit_search_tmp" lineno="4760"> <summary> Do not audit attempts to search the tmp directory (/tmp). </summary> @@ -62814,7 +62835,7 @@ Domain to not audit. </summary> </param> </interface> -<interface name="files_list_tmp" lineno="4759"> +<interface name="files_list_tmp" lineno="4778"> <summary> Read the tmp directory (/tmp). </summary> @@ -62824,7 +62845,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="files_dontaudit_list_tmp" lineno="4777"> +<interface name="files_dontaudit_list_tmp" lineno="4796"> <summary> Do not audit listing of the tmp directory (/tmp). </summary> @@ -62834,7 +62855,7 @@ Domain not to audit. </summary> </param> </interface> -<interface name="files_delete_tmp_dir_entry" lineno="4795"> +<interface name="files_delete_tmp_dir_entry" lineno="4814"> <summary> Remove entries from the tmp directory. </summary> @@ -62844,7 +62865,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="files_read_generic_tmp_files" lineno="4813"> +<interface name="files_read_generic_tmp_files" lineno="4832"> <summary> Read files in the tmp directory (/tmp). </summary> @@ -62854,7 +62875,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="files_manage_generic_tmp_dirs" lineno="4831"> +<interface name="files_manage_generic_tmp_dirs" lineno="4850"> <summary> Manage temporary directories in /tmp. </summary> @@ -62864,7 +62885,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="files_relabel_generic_tmp_dirs" lineno="4849"> +<interface name="files_relabel_generic_tmp_dirs" lineno="4868"> <summary> Relabel temporary directories in /tmp. </summary> @@ -62874,7 +62895,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="files_manage_generic_tmp_files" lineno="4867"> +<interface name="files_manage_generic_tmp_files" lineno="4886"> <summary> Manage temporary files and directories in /tmp. </summary> @@ -62884,7 +62905,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="files_read_generic_tmp_symlinks" lineno="4885"> +<interface name="files_read_generic_tmp_symlinks" lineno="4904"> <summary> Read symbolic links in the tmp directory (/tmp). </summary> @@ -62894,7 +62915,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="files_rw_generic_tmp_sockets" lineno="4903"> +<interface name="files_rw_generic_tmp_sockets" lineno="4922"> <summary> Read and write generic named sockets in the tmp directory (/tmp). </summary> @@ -62904,7 +62925,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="files_mounton_tmp" lineno="4921"> +<interface name="files_mounton_tmp" lineno="4940"> <summary> Mount filesystems in the tmp directory (/tmp) </summary> @@ -62914,7 +62935,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="files_setattr_all_tmp_dirs" lineno="4939"> +<interface name="files_setattr_all_tmp_dirs" lineno="4958"> <summary> Set the attributes of all tmp directories. </summary> @@ -62924,7 +62945,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="files_list_all_tmp" lineno="4957"> +<interface name="files_list_all_tmp" lineno="4976"> <summary> List all tmp directories. </summary> @@ -62934,7 +62955,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="files_relabel_all_tmp_dirs" lineno="4977"> +<interface name="files_relabel_all_tmp_dirs" lineno="4996"> <summary> Relabel to and from all temporary directory types. @@ -62946,7 +62967,7 @@ Domain allowed access. </param> <rolecap/> </interface> -<interface name="files_dontaudit_getattr_all_tmp_files" lineno="4998"> +<interface name="files_dontaudit_getattr_all_tmp_files" lineno="5017"> <summary> Do not audit attempts to get the attributes of all tmp files. @@ -62957,7 +62978,7 @@ Domain not to audit. </summary> </param> </interface> -<interface name="files_getattr_all_tmp_files" lineno="5017"> +<interface name="files_getattr_all_tmp_files" lineno="5036"> <summary> Allow attempts to get the attributes of all tmp files. @@ -62968,7 +62989,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="files_relabel_all_tmp_files" lineno="5037"> +<interface name="files_relabel_all_tmp_files" lineno="5056"> <summary> Relabel to and from all temporary file types. @@ -62980,7 +63001,7 @@ Domain allowed access. </param> <rolecap/> </interface> -<interface name="files_dontaudit_getattr_all_tmp_sockets" lineno="5058"> +<interface name="files_dontaudit_getattr_all_tmp_sockets" lineno="5077"> <summary> Do not audit attempts to get the attributes of all tmp sock_file. @@ -62991,7 +63012,7 @@ Domain not to audit. </summary> </param> </interface> -<interface name="files_read_all_tmp_files" lineno="5076"> +<interface name="files_read_all_tmp_files" lineno="5095"> <summary> Read all tmp files. </summary> @@ -63001,7 +63022,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="files_tmp_filetrans" lineno="5110"> +<interface name="files_tmp_filetrans" lineno="5129"> <summary> Create an object in the tmp directories, with a private type using a type transition. @@ -63027,7 +63048,7 @@ The name of the object being created. </summary> </param> </interface> -<interface name="files_purge_tmp" lineno="5128"> +<interface name="files_purge_tmp" lineno="5147"> <summary> Delete the contents of /tmp. </summary> @@ -63037,7 +63058,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="files_getattr_all_tmpfs_files" lineno="5151"> +<interface name="files_getattr_all_tmpfs_files" lineno="5170"> <summary> Get the attributes of all tmpfs files. </summary> @@ -63047,7 +63068,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="files_setattr_usr_dirs" lineno="5170"> +<interface name="files_setattr_usr_dirs" lineno="5189"> <summary> Set the attributes of the /usr directory. </summary> @@ -63057,7 +63078,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="files_search_usr" lineno="5188"> +<interface name="files_search_usr" lineno="5207"> <summary> Search the content of /usr. </summary> @@ -63067,7 +63088,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="files_list_usr" lineno="5207"> +<interface name="files_list_usr" lineno="5226"> <summary> List the contents of generic directories in /usr. @@ -63078,7 +63099,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="files_dontaudit_write_usr_dirs" lineno="5225"> +<interface name="files_dontaudit_write_usr_dirs" lineno="5244"> <summary> Do not audit write of /usr dirs </summary> @@ -63088,7 +63109,7 @@ Domain to not audit. </summary> </param> </interface> -<interface name="files_rw_usr_dirs" lineno="5243"> +<interface name="files_rw_usr_dirs" lineno="5262"> <summary> Add and remove entries from /usr directories. </summary> @@ -63098,7 +63119,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="files_dontaudit_rw_usr_dirs" lineno="5262"> +<interface name="files_dontaudit_rw_usr_dirs" lineno="5281"> <summary> Do not audit attempts to add and remove entries from /usr directories. @@ -63109,7 +63130,7 @@ Domain to not audit. </summary> </param> </interface> -<interface name="files_delete_usr_dirs" lineno="5280"> +<interface name="files_delete_usr_dirs" lineno="5299"> <summary> Delete generic directories in /usr in the caller domain. </summary> @@ -63119,7 +63140,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="files_watch_usr_dirs" lineno="5298"> +<interface name="files_watch_usr_dirs" lineno="5317"> <summary> Watch generic directories in /usr. </summary> @@ -63129,7 +63150,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="files_delete_usr_files" lineno="5316"> +<interface name="files_delete_usr_files" lineno="5335"> <summary> Delete generic files in /usr in the caller domain. </summary> @@ -63139,7 +63160,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="files_getattr_usr_files" lineno="5334"> +<interface name="files_getattr_usr_files" lineno="5353"> <summary> Get the attributes of files in /usr. </summary> @@ -63149,7 +63170,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="files_map_usr_files" lineno="5353"> +<interface name="files_map_usr_files" lineno="5372"> <summary> Map generic files in /usr. </summary> @@ -63160,7 +63181,7 @@ Domain allowed access. </param> <infoflow type="read" weight="10"/> </interface> -<interface name="files_read_usr_files" lineno="5389"> +<interface name="files_read_usr_files" lineno="5408"> <summary> Read generic files in /usr. </summary> @@ -63188,7 +63209,7 @@ Domain allowed access. </param> <infoflow type="read" weight="10"/> </interface> -<interface name="files_exec_usr_files" lineno="5409"> +<interface name="files_exec_usr_files" lineno="5428"> <summary> Execute generic programs in /usr in the caller domain. </summary> @@ -63198,7 +63219,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="files_dontaudit_write_usr_files" lineno="5429"> +<interface name="files_dontaudit_write_usr_files" lineno="5448"> <summary> dontaudit write of /usr files </summary> @@ -63208,7 +63229,7 @@ Domain to not audit. </summary> </param> </interface> -<interface name="files_manage_usr_files" lineno="5447"> +<interface name="files_manage_usr_files" lineno="5466"> <summary> Create, read, write, and delete files in the /usr directory. </summary> @@ -63218,7 +63239,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="files_relabelto_usr_files" lineno="5465"> +<interface name="files_relabelto_usr_files" lineno="5484"> <summary> Relabel a file to the type used in /usr. </summary> @@ -63228,7 +63249,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="files_relabelfrom_usr_files" lineno="5483"> +<interface name="files_relabelfrom_usr_files" lineno="5502"> <summary> Relabel a file from the type used in /usr. </summary> @@ -63238,7 +63259,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="files_read_usr_symlinks" lineno="5501"> +<interface name="files_read_usr_symlinks" lineno="5520"> <summary> Read symbolic links in /usr. </summary> @@ -63248,7 +63269,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="files_usr_filetrans" lineno="5534"> +<interface name="files_usr_filetrans" lineno="5553"> <summary> Create objects in the /usr directory </summary> @@ -63273,7 +63294,7 @@ The name of the object being created. </summary> </param> </interface> -<interface name="files_search_src" lineno="5552"> +<interface name="files_search_src" lineno="5571"> <summary> Search directories in /usr/src. </summary> @@ -63283,7 +63304,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="files_dontaudit_search_src" lineno="5570"> +<interface name="files_dontaudit_search_src" lineno="5589"> <summary> Do not audit attempts to search /usr/src. </summary> @@ -63293,7 +63314,7 @@ Domain to not audit. </summary> </param> </interface> -<interface name="files_getattr_usr_src_files" lineno="5588"> +<interface name="files_getattr_usr_src_files" lineno="5607"> <summary> Get the attributes of files in /usr/src. </summary> @@ -63303,7 +63324,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="files_read_usr_src_files" lineno="5609"> +<interface name="files_read_usr_src_files" lineno="5628"> <summary> Read files in /usr/src. </summary> @@ -63313,7 +63334,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="files_exec_usr_src_files" lineno="5630"> +<interface name="files_exec_usr_src_files" lineno="5649"> <summary> Execute programs in /usr/src in the caller domain. </summary> @@ -63323,7 +63344,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="files_create_kernel_symbol_table" lineno="5650"> +<interface name="files_create_kernel_symbol_table" lineno="5669"> <summary> Install a system.map into the /boot directory. </summary> @@ -63333,7 +63354,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="files_read_kernel_symbol_table" lineno="5669"> +<interface name="files_read_kernel_symbol_table" lineno="5688"> <summary> Read system.map in the /boot directory. </summary> @@ -63343,7 +63364,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="files_delete_kernel_symbol_table" lineno="5688"> +<interface name="files_delete_kernel_symbol_table" lineno="5707"> <summary> Delete a system.map in the /boot directory. </summary> @@ -63353,7 +63374,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="files_search_var" lineno="5707"> +<interface name="files_search_var" lineno="5726"> <summary> Search the contents of /var. </summary> @@ -63363,7 +63384,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="files_dontaudit_write_var_dirs" lineno="5725"> +<interface name="files_dontaudit_write_var_dirs" lineno="5744"> <summary> Do not audit attempts to write to /var. </summary> @@ -63373,7 +63394,7 @@ Domain to not audit. </summary> </param> </interface> -<interface name="files_write_var_dirs" lineno="5743"> +<interface name="files_write_var_dirs" lineno="5762"> <summary> Allow attempts to write to /var.dirs </summary> @@ -63383,7 +63404,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="files_dontaudit_search_var" lineno="5762"> +<interface name="files_dontaudit_search_var" lineno="5781"> <summary> Do not audit attempts to search the contents of /var. @@ -63394,7 +63415,7 @@ Domain to not audit. </summary> </param> </interface> -<interface name="files_list_var" lineno="5780"> +<interface name="files_list_var" lineno="5799"> <summary> List the contents of /var. </summary> @@ -63404,7 +63425,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="files_dontaudit_list_var" lineno="5799"> +<interface name="files_dontaudit_list_var" lineno="5818"> <summary> Do not audit attempts to list the contents of /var. @@ -63415,7 +63436,7 @@ Domain to not audit. </summary> </param> </interface> -<interface name="files_manage_var_dirs" lineno="5818"> +<interface name="files_manage_var_dirs" lineno="5837"> <summary> Create, read, write, and delete directories in the /var directory. @@ -63426,7 +63447,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="files_relabel_var_dirs" lineno="5836"> +<interface name="files_relabel_var_dirs" lineno="5855"> <summary> relabelto/from var directories </summary> @@ -63436,7 +63457,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="files_read_var_files" lineno="5854"> +<interface name="files_read_var_files" lineno="5873"> <summary> Read files in the /var directory. </summary> @@ -63446,7 +63467,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="files_append_var_files" lineno="5872"> +<interface name="files_append_var_files" lineno="5891"> <summary> Append files in the /var directory. </summary> @@ -63456,7 +63477,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="files_rw_var_files" lineno="5890"> +<interface name="files_rw_var_files" lineno="5909"> <summary> Read and write files in the /var directory. </summary> @@ -63466,7 +63487,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="files_dontaudit_rw_var_files" lineno="5909"> +<interface name="files_dontaudit_rw_var_files" lineno="5928"> <summary> Do not audit attempts to read and write files in the /var directory. @@ -63477,7 +63498,7 @@ Domain to not audit. </summary> </param> </interface> -<interface name="files_manage_var_files" lineno="5927"> +<interface name="files_manage_var_files" lineno="5946"> <summary> Create, read, write, and delete files in the /var directory. </summary> @@ -63487,7 +63508,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="files_read_var_symlinks" lineno="5945"> +<interface name="files_read_var_symlinks" lineno="5964"> <summary> Read symbolic links in the /var directory. </summary> @@ -63497,7 +63518,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="files_manage_var_symlinks" lineno="5964"> +<interface name="files_manage_var_symlinks" lineno="5983"> <summary> Create, read, write, and delete symbolic links in the /var directory. @@ -63508,7 +63529,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="files_var_filetrans" lineno="5997"> +<interface name="files_var_filetrans" lineno="6016"> <summary> Create objects in the /var directory </summary> @@ -63533,7 +63554,7 @@ The name of the object being created. </summary> </param> </interface> -<interface name="files_getattr_var_lib_dirs" lineno="6015"> +<interface name="files_getattr_var_lib_dirs" lineno="6034"> <summary> Get the attributes of the /var/lib directory. </summary> @@ -63543,7 +63564,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="files_search_var_lib" lineno="6047"> +<interface name="files_search_var_lib" lineno="6066"> <summary> Search the /var/lib directory. </summary> @@ -63567,7 +63588,7 @@ Domain allowed access. </param> <infoflow type="read" weight="5"/> </interface> -<interface name="files_dontaudit_search_var_lib" lineno="6067"> +<interface name="files_dontaudit_search_var_lib" lineno="6086"> <summary> Do not audit attempts to search the contents of /var/lib. @@ -63579,7 +63600,7 @@ Domain to not audit. </param> <infoflow type="read" weight="5"/> </interface> -<interface name="files_list_var_lib" lineno="6085"> +<interface name="files_list_var_lib" lineno="6104"> <summary> List the contents of the /var/lib directory. </summary> @@ -63589,7 +63610,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="files_rw_var_lib_dirs" lineno="6103"> +<interface name="files_rw_var_lib_dirs" lineno="6122"> <summary> Read-write /var/lib directories </summary> @@ -63599,7 +63620,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="files_manage_var_lib_dirs" lineno="6121"> +<interface name="files_manage_var_lib_dirs" lineno="6140"> <summary> manage var_lib_t dirs </summary> @@ -63609,7 +63630,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="files_relabel_var_lib_dirs" lineno="6140"> +<interface name="files_relabel_var_lib_dirs" lineno="6159"> <summary> relabel var_lib_t dirs </summary> @@ -63619,7 +63640,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="files_var_lib_filetrans" lineno="6174"> +<interface name="files_var_lib_filetrans" lineno="6193"> <summary> Create objects in the /var/lib directory </summary> @@ -63644,7 +63665,7 @@ The name of the object being created. </summary> </param> </interface> -<interface name="files_read_var_lib_files" lineno="6193"> +<interface name="files_read_var_lib_files" lineno="6212"> <summary> Read generic files in /var/lib. </summary> @@ -63654,7 +63675,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="files_read_var_lib_symlinks" lineno="6212"> +<interface name="files_read_var_lib_symlinks" lineno="6231"> <summary> Read generic symbolic links in /var/lib </summary> @@ -63664,7 +63685,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="files_manage_urandom_seed" lineno="6234"> +<interface name="files_manage_urandom_seed" lineno="6253"> <summary> Create, read, write, and delete the pseudorandom number generator seed. @@ -63675,7 +63696,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="files_manage_mounttab" lineno="6254"> +<interface name="files_manage_mounttab" lineno="6273"> <summary> Allow domain to manage mount tables necessary for rpcd, nfsd, etc. @@ -63686,7 +63707,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="files_setattr_lock_dirs" lineno="6273"> +<interface name="files_setattr_lock_dirs" lineno="6292"> <summary> Set the attributes of the generic lock directories. </summary> @@ -63696,7 +63717,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="files_search_locks" lineno="6291"> +<interface name="files_search_locks" lineno="6310"> <summary> Search the locks directory (/var/lock). </summary> @@ -63706,7 +63727,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="files_dontaudit_search_locks" lineno="6311"> +<interface name="files_dontaudit_search_locks" lineno="6330"> <summary> Do not audit attempts to search the locks directory (/var/lock). @@ -63717,7 +63738,7 @@ Domain to not audit. </summary> </param> </interface> -<interface name="files_list_locks" lineno="6330"> +<interface name="files_list_locks" lineno="6349"> <summary> List generic lock directories. </summary> @@ -63727,7 +63748,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="files_check_write_lock_dirs" lineno="6349"> +<interface name="files_check_write_lock_dirs" lineno="6368"> <summary> Test write access on lock directories. </summary> @@ -63737,7 +63758,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="files_add_entry_lock_dirs" lineno="6368"> +<interface name="files_add_entry_lock_dirs" lineno="6387"> <summary> Add entries in the /var/lock directories. </summary> @@ -63747,7 +63768,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="files_rw_lock_dirs" lineno="6388"> +<interface name="files_rw_lock_dirs" lineno="6407"> <summary> Add and remove entries in the /var/lock directories. @@ -63758,7 +63779,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="files_create_lock_dirs" lineno="6407"> +<interface name="files_create_lock_dirs" lineno="6426"> <summary> Create lock directories </summary> @@ -63768,7 +63789,7 @@ Domain allowed access </summary> </param> </interface> -<interface name="files_relabel_all_lock_dirs" lineno="6428"> +<interface name="files_relabel_all_lock_dirs" lineno="6447"> <summary> Relabel to and from all lock directory types. </summary> @@ -63779,7 +63800,7 @@ Domain allowed access. </param> <rolecap/> </interface> -<interface name="files_getattr_generic_locks" lineno="6449"> +<interface name="files_getattr_generic_locks" lineno="6468"> <summary> Get the attributes of generic lock files. </summary> @@ -63789,7 +63810,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="files_delete_generic_locks" lineno="6470"> +<interface name="files_delete_generic_locks" lineno="6489"> <summary> Delete generic lock files. </summary> @@ -63799,7 +63820,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="files_manage_generic_locks" lineno="6491"> +<interface name="files_manage_generic_locks" lineno="6510"> <summary> Create, read, write, and delete generic lock files. @@ -63810,7 +63831,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="files_delete_all_locks" lineno="6513"> +<interface name="files_delete_all_locks" lineno="6532"> <summary> Delete all lock files. </summary> @@ -63821,7 +63842,7 @@ Domain allowed access. </param> <rolecap/> </interface> -<interface name="files_read_all_locks" lineno="6534"> +<interface name="files_read_all_locks" lineno="6553"> <summary> Read all lock files. </summary> @@ -63831,7 +63852,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="files_manage_all_locks" lineno="6557"> +<interface name="files_manage_all_locks" lineno="6576"> <summary> manage all lock files. </summary> @@ -63841,7 +63862,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="files_relabel_all_locks" lineno="6580"> +<interface name="files_relabel_all_locks" lineno="6599"> <summary> Relabel from/to all lock files. </summary> @@ -63851,7 +63872,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="files_lock_filetrans" lineno="6619"> +<interface name="files_lock_filetrans" lineno="6638"> <summary> Create an object in the locks directory, with a private type using a type transition. @@ -63877,7 +63898,7 @@ The name of the object being created. </summary> </param> </interface> -<interface name="files_dontaudit_getattr_runtime_dirs" lineno="6640"> +<interface name="files_dontaudit_getattr_runtime_dirs" lineno="6659"> <summary> Do not audit attempts to get the attributes of the /var/run directory. @@ -63888,7 +63909,7 @@ Domain to not audit. </summary> </param> </interface> -<interface name="files_mounton_runtime_dirs" lineno="6659"> +<interface name="files_mounton_runtime_dirs" lineno="6678"> <summary> mounton a /var/run directory. </summary> @@ -63898,7 +63919,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="files_setattr_runtime_dirs" lineno="6677"> +<interface name="files_setattr_runtime_dirs" lineno="6696"> <summary> Set the attributes of the /var/run directory. </summary> @@ -63908,7 +63929,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="files_search_runtime" lineno="6697"> +<interface name="files_search_runtime" lineno="6716"> <summary> Search the contents of runtime process ID directories (/var/run). @@ -63919,7 +63940,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="files_dontaudit_search_runtime" lineno="6717"> +<interface name="files_dontaudit_search_runtime" lineno="6736"> <summary> Do not audit attempts to search the /var/run directory. @@ -63930,7 +63951,7 @@ Domain to not audit. </summary> </param> </interface> -<interface name="files_list_runtime" lineno="6737"> +<interface name="files_list_runtime" lineno="6756"> <summary> List the contents of the runtime process ID directories (/var/run). @@ -63941,7 +63962,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="files_check_write_runtime_dirs" lineno="6756"> +<interface name="files_check_write_runtime_dirs" lineno="6775"> <summary> Check write access on /var/run directories. </summary> @@ -63951,7 +63972,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="files_create_runtime_dirs" lineno="6774"> +<interface name="files_create_runtime_dirs" lineno="6793"> <summary> Create a /var/run directory. </summary> @@ -63961,7 +63982,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="files_watch_runtime_dirs" lineno="6792"> +<interface name="files_watch_runtime_dirs" lineno="6811"> <summary> Watch /var/run directories. </summary> @@ -63971,7 +63992,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="files_read_runtime_files" lineno="6810"> +<interface name="files_read_runtime_files" lineno="6829"> <summary> Read generic runtime files. </summary> @@ -63981,7 +64002,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="files_exec_runtime" lineno="6830"> +<interface name="files_exec_runtime" lineno="6849"> <summary> Execute generic programs in /var/run in the caller domain. </summary> @@ -63991,7 +64012,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="files_rw_runtime_files" lineno="6848"> +<interface name="files_rw_runtime_files" lineno="6867"> <summary> Read and write generic runtime files. </summary> @@ -64001,7 +64022,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="files_delete_runtime_symlinks" lineno="6868"> +<interface name="files_delete_runtime_symlinks" lineno="6887"> <summary> Delete generic runtime symlinks. </summary> @@ -64011,7 +64032,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="files_write_runtime_pipes" lineno="6886"> +<interface name="files_write_runtime_pipes" lineno="6905"> <summary> Write named generic runtime pipes. </summary> @@ -64021,7 +64042,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="files_delete_all_runtime_dirs" lineno="6906"> +<interface name="files_delete_all_runtime_dirs" lineno="6925"> <summary> Delete all runtime dirs. </summary> @@ -64032,7 +64053,7 @@ Domain allowed access. </param> <rolecap/> </interface> -<interface name="files_manage_all_runtime_dirs" lineno="6924"> +<interface name="files_manage_all_runtime_dirs" lineno="6943"> <summary> Create, read, write, and delete all runtime directories. </summary> @@ -64042,7 +64063,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="files_relabel_all_runtime_dirs" lineno="6942"> +<interface name="files_relabel_all_runtime_dirs" lineno="6961"> <summary> Relabel all runtime directories. </summary> @@ -64052,7 +64073,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="files_dontaudit_getattr_all_runtime_files" lineno="6961"> +<interface name="files_dontaudit_getattr_all_runtime_files" lineno="6980"> <summary> Do not audit attempts to get the attributes of all runtime data files. @@ -64063,7 +64084,7 @@ Domain to not audit. </summary> </param> </interface> -<interface name="files_read_all_runtime_files" lineno="6982"> +<interface name="files_read_all_runtime_files" lineno="7001"> <summary> Read all runtime files. </summary> @@ -64074,7 +64095,7 @@ Domain allowed access. </param> <rolecap/> </interface> -<interface name="files_dontaudit_ioctl_all_runtime_files" lineno="7003"> +<interface name="files_dontaudit_ioctl_all_runtime_files" lineno="7022"> <summary> Do not audit attempts to ioctl all runtime files. </summary> @@ -64084,7 +64105,7 @@ Domain to not audit. </summary> </param> </interface> -<interface name="files_dontaudit_write_all_runtime_files" lineno="7023"> +<interface name="files_dontaudit_write_all_runtime_files" lineno="7042"> <summary> Do not audit attempts to write to all runtime files. </summary> @@ -64094,7 +64115,7 @@ Domain to not audit. </summary> </param> </interface> -<interface name="files_delete_all_runtime_files" lineno="7044"> +<interface name="files_delete_all_runtime_files" lineno="7063"> <summary> Delete all runtime files. </summary> @@ -64105,7 +64126,7 @@ Domain allowed access. </param> <rolecap/> </interface> -<interface name="files_manage_all_runtime_files" lineno="7063"> +<interface name="files_manage_all_runtime_files" lineno="7082"> <summary> Create, read, write and delete all var_run (pid) files @@ -64116,7 +64137,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="files_relabel_all_runtime_files" lineno="7081"> +<interface name="files_relabel_all_runtime_files" lineno="7100"> <summary> Relabel all runtime files. </summary> @@ -64126,7 +64147,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="files_delete_all_runtime_symlinks" lineno="7100"> +<interface name="files_delete_all_runtime_symlinks" lineno="7119"> <summary> Delete all runtime symlinks. </summary> @@ -64137,7 +64158,7 @@ Domain allowed access. </param> <rolecap/> </interface> -<interface name="files_manage_all_runtime_symlinks" lineno="7119"> +<interface name="files_manage_all_runtime_symlinks" lineno="7138"> <summary> Create, read, write and delete all var_run (pid) symbolic links. @@ -64148,7 +64169,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="files_relabel_all_runtime_symlinks" lineno="7137"> +<interface name="files_relabel_all_runtime_symlinks" lineno="7156"> <summary> Relabel all runtime symbolic links. </summary> @@ -64158,7 +64179,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="files_create_all_runtime_pipes" lineno="7155"> +<interface name="files_create_all_runtime_pipes" lineno="7174"> <summary> Create all runtime named pipes </summary> @@ -64168,7 +64189,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="files_delete_all_runtime_pipes" lineno="7174"> +<interface name="files_delete_all_runtime_pipes" lineno="7193"> <summary> Delete all runtime named pipes </summary> @@ -64178,7 +64199,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="files_create_all_runtime_sockets" lineno="7193"> +<interface name="files_create_all_runtime_sockets" lineno="7212"> <summary> Create all runtime sockets. </summary> @@ -64188,7 +64209,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="files_delete_all_runtime_sockets" lineno="7211"> +<interface name="files_delete_all_runtime_sockets" lineno="7230"> <summary> Delete all runtime sockets. </summary> @@ -64198,7 +64219,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="files_relabel_all_runtime_sockets" lineno="7229"> +<interface name="files_relabel_all_runtime_sockets" lineno="7248"> <summary> Relabel all runtime named sockets. </summary> @@ -64208,7 +64229,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="files_runtime_filetrans" lineno="7289"> +<interface name="files_runtime_filetrans" lineno="7308"> <summary> Create an object in the /run directory, with a private type. </summary> @@ -64260,7 +64281,7 @@ The name of the object being created. </param> <infoflow type="write" weight="10"/> </interface> -<interface name="files_runtime_filetrans_lock_dir" lineno="7314"> +<interface name="files_runtime_filetrans_lock_dir" lineno="7333"> <summary> Create a generic lock directory within the run directories. </summary> @@ -64275,7 +64296,7 @@ The name of the object being created. </summary> </param> </interface> -<interface name="files_create_all_spool_sockets" lineno="7332"> +<interface name="files_create_all_spool_sockets" lineno="7351"> <summary> Create all spool sockets </summary> @@ -64285,7 +64306,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="files_delete_all_spool_sockets" lineno="7350"> +<interface name="files_delete_all_spool_sockets" lineno="7369"> <summary> Delete all spool sockets </summary> @@ -64295,7 +64316,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="files_mounton_all_poly_members" lineno="7369"> +<interface name="files_mounton_all_poly_members" lineno="7388"> <summary> Mount filesystems on all polyinstantiation member directories. @@ -64306,7 +64327,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="files_search_spool" lineno="7388"> +<interface name="files_search_spool" lineno="7407"> <summary> Search the contents of generic spool directories (/var/spool). @@ -64317,7 +64338,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="files_dontaudit_search_spool" lineno="7407"> +<interface name="files_dontaudit_search_spool" lineno="7426"> <summary> Do not audit attempts to search generic spool directories. @@ -64328,7 +64349,7 @@ Domain to not audit. </summary> </param> </interface> -<interface name="files_list_spool" lineno="7426"> +<interface name="files_list_spool" lineno="7445"> <summary> List the contents of generic spool (/var/spool) directories. @@ -64339,7 +64360,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="files_manage_generic_spool_dirs" lineno="7445"> +<interface name="files_manage_generic_spool_dirs" lineno="7464"> <summary> Create, read, write, and delete generic spool directories (/var/spool). @@ -64350,7 +64371,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="files_read_generic_spool" lineno="7464"> +<interface name="files_read_generic_spool" lineno="7483"> <summary> Read generic spool files. </summary> @@ -64360,7 +64381,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="files_manage_generic_spool" lineno="7484"> +<interface name="files_manage_generic_spool" lineno="7503"> <summary> Create, read, write, and delete generic spool files. @@ -64371,7 +64392,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="files_spool_filetrans" lineno="7520"> +<interface name="files_spool_filetrans" lineno="7539"> <summary> Create objects in the spool directory with a private type with a type transition. @@ -64398,7 +64419,7 @@ The name of the object being created. </summary> </param> </interface> -<interface name="files_polyinstantiate_all" lineno="7540"> +<interface name="files_polyinstantiate_all" lineno="7559"> <summary> Allow access to manage all polyinstantiated directories on the system. @@ -64409,7 +64430,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="files_unconfined" lineno="7594"> +<interface name="files_unconfined" lineno="7613"> <summary> Unconfined access to files. </summary> @@ -64419,7 +64440,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="files_manage_etc_runtime_lnk_files" lineno="7616"> +<interface name="files_manage_etc_runtime_lnk_files" lineno="7635"> <summary> Create, read, write, and delete symbolic links in /etc that are dynamically created on boot. @@ -64431,7 +64452,7 @@ Domain allowed access. </param> <rolecap/> </interface> -<interface name="files_dontaudit_read_etc_runtime" lineno="7634"> +<interface name="files_dontaudit_read_etc_runtime" lineno="7653"> <summary> Do not audit attempts to read etc_runtime resources </summary> @@ -64441,7 +64462,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="files_list_src" lineno="7652"> +<interface name="files_list_src" lineno="7671"> <summary> List usr/src files </summary> @@ -64451,7 +64472,7 @@ Domain allowed access </summary> </param> </interface> -<interface name="files_read_src_files" lineno="7670"> +<interface name="files_read_src_files" lineno="7689"> <summary> Read usr/src files </summary> @@ -64461,7 +64482,7 @@ Domain allowed access </summary> </param> </interface> -<interface name="files_manage_src_files" lineno="7688"> +<interface name="files_manage_src_files" lineno="7707"> <summary> Manage /usr/src files </summary> @@ -64471,7 +64492,7 @@ Domain allowed access </summary> </param> </interface> -<interface name="files_lib_filetrans_kernel_modules" lineno="7719"> +<interface name="files_lib_filetrans_kernel_modules" lineno="7738"> <summary> Create a resource in the generic lib location with an automatic type transition towards the kernel modules @@ -64493,7 +64514,7 @@ Optional name of the resource </summary> </param> </interface> -<interface name="files_read_etc_runtime" lineno="7737"> +<interface name="files_read_etc_runtime" lineno="7756"> <summary> Read etc runtime resources </summary> @@ -64503,7 +64524,7 @@ Domain allowed access </summary> </param> </interface> -<interface name="files_relabel_all_non_security_file_types" lineno="7759"> +<interface name="files_relabel_all_non_security_file_types" lineno="7778"> <summary> Allow relabel from and to non-security types </summary> @@ -64514,7 +64535,7 @@ Domain allowed access. </param> <rolecap/> </interface> -<interface name="files_manage_all_non_security_file_types" lineno="7789"> +<interface name="files_manage_all_non_security_file_types" lineno="7808"> <summary> Manage non-security-sensitive resource types </summary> @@ -64525,7 +64546,7 @@ Domain allowed access. </param> <rolecap/> </interface> -<interface name="files_relabel_all_pidfiles" lineno="7811"> +<interface name="files_relabel_all_pidfiles" lineno="7830"> <summary> Allow relabeling from and to any pidfile associated type </summary> @@ -65023,7 +65044,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="fs_list_cgroup_dirs" lineno="818"> +<interface name="fs_list_cgroup_dirs" lineno="817"> <summary> list cgroup directories. </summary> @@ -65033,7 +65054,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="fs_ioctl_cgroup_dirs" lineno="837"> +<interface name="fs_ioctl_cgroup_dirs" lineno="836"> <summary> Ioctl cgroup directories. </summary> @@ -65043,7 +65064,17 @@ Domain allowed access. </summary> </param> </interface> -<interface name="fs_delete_cgroup_dirs" lineno="856"> +<interface name="fs_create_cgroup_dirs" lineno="855"> +<summary> +Create cgroup directories. +</summary> +<param name="domain"> +<summary> +Domain allowed access. +</summary> +</param> +</interface> +<interface name="fs_delete_cgroup_dirs" lineno="874"> <summary> Delete cgroup directories. </summary> @@ -65053,7 +65084,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="fs_manage_cgroup_dirs" lineno="875"> +<interface name="fs_manage_cgroup_dirs" lineno="893"> <summary> Manage cgroup directories. </summary> @@ -65063,7 +65094,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="fs_relabel_cgroup_dirs" lineno="895"> +<interface name="fs_relabel_cgroup_dirs" lineno="913"> <summary> Relabel cgroup directories. </summary> @@ -65073,7 +65104,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="fs_getattr_cgroup_files" lineno="913"> +<interface name="fs_getattr_cgroup_files" lineno="931"> <summary> Get attributes of cgroup files. </summary> @@ -65083,7 +65114,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="fs_read_cgroup_files" lineno="933"> +<interface name="fs_read_cgroup_files" lineno="951"> <summary> Read cgroup files. </summary> @@ -65093,7 +65124,17 @@ Domain allowed access. </summary> </param> </interface> -<interface name="fs_watch_cgroup_files" lineno="954"> +<interface name="fs_create_cgroup_files" lineno="972"> +<summary> +Create cgroup files. +</summary> +<param name="domain"> +<summary> +Domain allowed access. +</summary> +</param> +</interface> +<interface name="fs_watch_cgroup_files" lineno="992"> <summary> Watch cgroup files. </summary> @@ -65103,7 +65144,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="fs_create_cgroup_links" lineno="973"> +<interface name="fs_create_cgroup_links" lineno="1011"> <summary> Create cgroup lnk_files. </summary> @@ -65113,7 +65154,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="fs_write_cgroup_files" lineno="993"> +<interface name="fs_write_cgroup_files" lineno="1031"> <summary> Write cgroup files. </summary> @@ -65123,7 +65164,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="fs_rw_cgroup_files" lineno="1012"> +<interface name="fs_rw_cgroup_files" lineno="1050"> <summary> Read and write cgroup files. </summary> @@ -65133,7 +65174,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="fs_dontaudit_rw_cgroup_files" lineno="1034"> +<interface name="fs_dontaudit_rw_cgroup_files" lineno="1072"> <summary> Do not audit attempts to open, get attributes, read and write @@ -65145,7 +65186,7 @@ Domain to not audit. </summary> </param> </interface> -<interface name="fs_manage_cgroup_files" lineno="1052"> +<interface name="fs_manage_cgroup_files" lineno="1090"> <summary> Manage cgroup files. </summary> @@ -65155,7 +65196,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="fs_relabel_cgroup_symlinks" lineno="1072"> +<interface name="fs_relabel_cgroup_symlinks" lineno="1110"> <summary> Relabel cgroup symbolic links. </summary> @@ -65165,7 +65206,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="fs_watch_cgroup_dirs" lineno="1090"> +<interface name="fs_watch_cgroup_dirs" lineno="1128"> <summary> Watch cgroup directories. </summary> @@ -65175,7 +65216,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="fs_mounton_cgroup" lineno="1108"> +<interface name="fs_mounton_cgroup" lineno="1146"> <summary> Mount on cgroup directories. </summary> @@ -65185,7 +65226,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="fs_cgroup_filetrans" lineno="1142"> +<interface name="fs_cgroup_filetrans" lineno="1180"> <summary> Create an object in a cgroup tmpfs filesystem, with a private type using a type transition. @@ -65211,7 +65252,7 @@ The name of the object being created. </summary> </param> </interface> -<interface name="fs_dontaudit_list_cifs_dirs" lineno="1163"> +<interface name="fs_dontaudit_list_cifs_dirs" lineno="1201"> <summary> Do not audit attempts to read dirs on a CIFS or SMB filesystem. @@ -65222,7 +65263,7 @@ Domain to not audit. </summary> </param> </interface> -<interface name="fs_mount_cifs" lineno="1181"> +<interface name="fs_mount_cifs" lineno="1219"> <summary> Mount a CIFS or SMB network filesystem. </summary> @@ -65232,7 +65273,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="fs_remount_cifs" lineno="1200"> +<interface name="fs_remount_cifs" lineno="1238"> <summary> Remount a CIFS or SMB network filesystem. This allows some mount options to be changed. @@ -65243,7 +65284,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="fs_unmount_cifs" lineno="1218"> +<interface name="fs_unmount_cifs" lineno="1256"> <summary> Unmount a CIFS or SMB network filesystem. </summary> @@ -65253,7 +65294,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="fs_getattr_cifs" lineno="1238"> +<interface name="fs_getattr_cifs" lineno="1276"> <summary> Get the attributes of a CIFS or SMB network filesystem. @@ -65265,7 +65306,7 @@ Domain allowed access. </param> <rolecap/> </interface> -<interface name="fs_search_cifs" lineno="1256"> +<interface name="fs_search_cifs" lineno="1294"> <summary> Search directories on a CIFS or SMB filesystem. </summary> @@ -65275,7 +65316,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="fs_list_cifs" lineno="1275"> +<interface name="fs_list_cifs" lineno="1313"> <summary> List the contents of directories on a CIFS or SMB filesystem. @@ -65286,7 +65327,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="fs_dontaudit_list_cifs" lineno="1294"> +<interface name="fs_dontaudit_list_cifs" lineno="1332"> <summary> Do not audit attempts to list the contents of directories on a CIFS or SMB filesystem. @@ -65297,7 +65338,7 @@ Domain to not audit. </summary> </param> </interface> -<interface name="fs_mounton_cifs" lineno="1312"> +<interface name="fs_mounton_cifs" lineno="1350"> <summary> Mounton a CIFS filesystem. </summary> @@ -65307,7 +65348,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="fs_read_cifs_files" lineno="1331"> +<interface name="fs_read_cifs_files" lineno="1369"> <summary> Read files on a CIFS or SMB filesystem. </summary> @@ -65318,7 +65359,7 @@ Domain allowed access. </param> <rolecap/> </interface> -<interface name="fs_read_all_inherited_image_files" lineno="1351"> +<interface name="fs_read_all_inherited_image_files" lineno="1389"> <summary> Read all inherited filesystem image files. </summary> @@ -65329,7 +65370,7 @@ Domain allowed access. </param> <rolecap/> </interface> -<interface name="fs_read_all_image_files" lineno="1370"> +<interface name="fs_read_all_image_files" lineno="1408"> <summary> Read all filesystem image files. </summary> @@ -65340,7 +65381,7 @@ Domain allowed access. </param> <rolecap/> </interface> -<interface name="fs_mmap_read_all_image_files" lineno="1389"> +<interface name="fs_mmap_read_all_image_files" lineno="1427"> <summary> Mmap-read all filesystem image files. </summary> @@ -65351,7 +65392,7 @@ Domain allowed access. </param> <rolecap/> </interface> -<interface name="fs_rw_all_image_files" lineno="1408"> +<interface name="fs_rw_all_image_files" lineno="1446"> <summary> Read and write all filesystem image files. </summary> @@ -65362,7 +65403,7 @@ Domain allowed access. </param> <rolecap/> </interface> -<interface name="fs_mmap_rw_all_image_files" lineno="1427"> +<interface name="fs_mmap_rw_all_image_files" lineno="1465"> <summary> Mmap-Read-write all filesystem image files. </summary> @@ -65373,7 +65414,7 @@ Domain allowed access. </param> <rolecap/> </interface> -<interface name="fs_dontaudit_write_all_image_files" lineno="1446"> +<interface name="fs_dontaudit_write_all_image_files" lineno="1484"> <summary> Do not audit attempts to write all filesystem image files. </summary> @@ -65384,7 +65425,7 @@ Domain allowed access. </param> <rolecap/> </interface> -<interface name="fs_getattr_noxattr_fs" lineno="1466"> +<interface name="fs_getattr_noxattr_fs" lineno="1504"> <summary> Get the attributes of filesystems that do not have extended attribute support. @@ -65396,7 +65437,7 @@ Domain allowed access. </param> <rolecap/> </interface> -<interface name="fs_list_noxattr_fs" lineno="1484"> +<interface name="fs_list_noxattr_fs" lineno="1522"> <summary> Read all noxattrfs directories. </summary> @@ -65406,7 +65447,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="fs_dontaudit_list_noxattr_fs" lineno="1503"> +<interface name="fs_dontaudit_list_noxattr_fs" lineno="1541"> <summary> Do not audit attempts to list all noxattrfs directories. @@ -65417,7 +65458,7 @@ Domain to not audit. </summary> </param> </interface> -<interface name="fs_manage_noxattr_fs_dirs" lineno="1521"> +<interface name="fs_manage_noxattr_fs_dirs" lineno="1559"> <summary> Create, read, write, and delete all noxattrfs directories. </summary> @@ -65427,7 +65468,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="fs_read_noxattr_fs_files" lineno="1539"> +<interface name="fs_read_noxattr_fs_files" lineno="1577"> <summary> Read all noxattrfs files. </summary> @@ -65437,7 +65478,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="fs_dontaudit_read_noxattr_fs_files" lineno="1559"> +<interface name="fs_dontaudit_read_noxattr_fs_files" lineno="1597"> <summary> Do not audit attempts to read all noxattrfs files. @@ -65448,7 +65489,7 @@ Domain to not audit. </summary> </param> </interface> -<interface name="fs_dontaudit_write_noxattr_fs_files" lineno="1577"> +<interface name="fs_dontaudit_write_noxattr_fs_files" lineno="1615"> <summary> Dont audit attempts to write to noxattrfs files. </summary> @@ -65458,7 +65499,7 @@ Domain to not audit. </summary> </param> </interface> -<interface name="fs_manage_noxattr_fs_files" lineno="1595"> +<interface name="fs_manage_noxattr_fs_files" lineno="1633"> <summary> Create, read, write, and delete all noxattrfs files. </summary> @@ -65468,7 +65509,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="fs_read_noxattr_fs_symlinks" lineno="1614"> +<interface name="fs_read_noxattr_fs_symlinks" lineno="1652"> <summary> Read all noxattrfs symbolic links. </summary> @@ -65478,7 +65519,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="fs_manage_noxattr_fs_symlinks" lineno="1633"> +<interface name="fs_manage_noxattr_fs_symlinks" lineno="1671"> <summary> Manage all noxattrfs symbolic links. </summary> @@ -65488,7 +65529,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="fs_relabelfrom_noxattr_fs" lineno="1653"> +<interface name="fs_relabelfrom_noxattr_fs" lineno="1691"> <summary> Relabel all objects from filesystems that do not support extended attributes. @@ -65499,7 +65540,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="fs_dontaudit_read_cifs_files" lineno="1679"> +<interface name="fs_dontaudit_read_cifs_files" lineno="1717"> <summary> Do not audit attempts to read files on a CIFS or SMB filesystem. @@ -65510,7 +65551,7 @@ Domain to not audit. </summary> </param> </interface> -<interface name="fs_append_cifs_files" lineno="1699"> +<interface name="fs_append_cifs_files" lineno="1737"> <summary> Append files on a CIFS filesystem. @@ -65522,7 +65563,7 @@ Domain allowed access. </param> <rolecap/> </interface> -<interface name="fs_dontaudit_append_cifs_files" lineno="1719"> +<interface name="fs_dontaudit_append_cifs_files" lineno="1757"> <summary> dontaudit Append files on a CIFS filesystem. @@ -65534,7 +65575,7 @@ Domain to not audit. </param> <rolecap/> </interface> -<interface name="fs_dontaudit_rw_cifs_files" lineno="1738"> +<interface name="fs_dontaudit_rw_cifs_files" lineno="1776"> <summary> Do not audit attempts to read or write files on a CIFS or SMB filesystem. @@ -65545,7 +65586,7 @@ Domain to not audit. </summary> </param> </interface> -<interface name="fs_read_cifs_symlinks" lineno="1756"> +<interface name="fs_read_cifs_symlinks" lineno="1794"> <summary> Read symbolic links on a CIFS or SMB filesystem. </summary> @@ -65555,7 +65596,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="fs_read_cifs_named_pipes" lineno="1776"> +<interface name="fs_read_cifs_named_pipes" lineno="1814"> <summary> Read named pipes on a CIFS or SMB network filesystem. @@ -65566,7 +65607,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="fs_read_cifs_named_sockets" lineno="1795"> +<interface name="fs_read_cifs_named_sockets" lineno="1833"> <summary> Read named sockets on a CIFS or SMB network filesystem. @@ -65577,7 +65618,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="fs_exec_cifs_files" lineno="1816"> +<interface name="fs_exec_cifs_files" lineno="1854"> <summary> Execute files on a CIFS or SMB network filesystem, in the caller @@ -65590,7 +65631,7 @@ Domain allowed access. </param> <rolecap/> </interface> -<interface name="fs_manage_cifs_dirs" lineno="1837"> +<interface name="fs_manage_cifs_dirs" lineno="1875"> <summary> Create, read, write, and delete directories on a CIFS or SMB network filesystem. @@ -65602,7 +65643,7 @@ Domain allowed access. </param> <rolecap/> </interface> -<interface name="fs_dontaudit_manage_cifs_dirs" lineno="1857"> +<interface name="fs_dontaudit_manage_cifs_dirs" lineno="1895"> <summary> Do not audit attempts to create, read, write, and delete directories @@ -65614,7 +65655,7 @@ Domain to not audit. </summary> </param> </interface> -<interface name="fs_manage_cifs_files" lineno="1877"> +<interface name="fs_manage_cifs_files" lineno="1915"> <summary> Create, read, write, and delete files on a CIFS or SMB network filesystem. @@ -65626,7 +65667,7 @@ Domain allowed access. </param> <rolecap/> </interface> -<interface name="fs_dontaudit_manage_cifs_files" lineno="1897"> +<interface name="fs_dontaudit_manage_cifs_files" lineno="1935"> <summary> Do not audit attempts to create, read, write, and delete files @@ -65638,7 +65679,7 @@ Domain to not audit. </summary> </param> </interface> -<interface name="fs_manage_cifs_symlinks" lineno="1916"> +<interface name="fs_manage_cifs_symlinks" lineno="1954"> <summary> Create, read, write, and delete symbolic links on a CIFS or SMB network filesystem. @@ -65649,7 +65690,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="fs_manage_cifs_named_pipes" lineno="1935"> +<interface name="fs_manage_cifs_named_pipes" lineno="1973"> <summary> Create, read, write, and delete named pipes on a CIFS or SMB network filesystem. @@ -65660,7 +65701,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="fs_manage_cifs_named_sockets" lineno="1954"> +<interface name="fs_manage_cifs_named_sockets" lineno="1992"> <summary> Create, read, write, and delete named sockets on a CIFS or SMB network filesystem. @@ -65671,7 +65712,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="fs_cifs_domtrans" lineno="1997"> +<interface name="fs_cifs_domtrans" lineno="2035"> <summary> Execute a file on a CIFS or SMB filesystem in the specified domain. @@ -65706,7 +65747,7 @@ The type of the new process. </summary> </param> </interface> -<interface name="fs_manage_configfs_dirs" lineno="2017"> +<interface name="fs_manage_configfs_dirs" lineno="2055"> <summary> Create, read, write, and delete dirs on a configfs filesystem. @@ -65717,7 +65758,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="fs_manage_configfs_files" lineno="2036"> +<interface name="fs_manage_configfs_files" lineno="2074"> <summary> Create, read, write, and delete files on a configfs filesystem. @@ -65728,7 +65769,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="fs_mount_dos_fs" lineno="2055"> +<interface name="fs_mount_dos_fs" lineno="2093"> <summary> Mount a DOS filesystem, such as FAT32 or NTFS. @@ -65739,7 +65780,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="fs_remount_dos_fs" lineno="2075"> +<interface name="fs_remount_dos_fs" lineno="2113"> <summary> Remount a DOS filesystem, such as FAT32 or NTFS. This allows @@ -65751,7 +65792,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="fs_unmount_dos_fs" lineno="2094"> +<interface name="fs_unmount_dos_fs" lineno="2132"> <summary> Unmount a DOS filesystem, such as FAT32 or NTFS. @@ -65762,7 +65803,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="fs_getattr_dos_fs" lineno="2114"> +<interface name="fs_getattr_dos_fs" lineno="2152"> <summary> Get the attributes of a DOS filesystem, such as FAT32 or NTFS. @@ -65774,7 +65815,7 @@ Domain allowed access. </param> <rolecap/> </interface> -<interface name="fs_relabelfrom_dos_fs" lineno="2133"> +<interface name="fs_relabelfrom_dos_fs" lineno="2171"> <summary> Allow changing of the label of a DOS filesystem using the context= mount option. @@ -65785,7 +65826,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="fs_getattr_dos_dirs" lineno="2151"> +<interface name="fs_getattr_dos_dirs" lineno="2189"> <summary> Get attributes of directories on a dosfs filesystem. </summary> @@ -65795,7 +65836,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="fs_search_dos" lineno="2169"> +<interface name="fs_search_dos" lineno="2207"> <summary> Search dosfs filesystem. </summary> @@ -65805,7 +65846,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="fs_list_dos" lineno="2187"> +<interface name="fs_list_dos" lineno="2225"> <summary> List dirs DOS filesystem. </summary> @@ -65815,7 +65856,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="fs_manage_dos_dirs" lineno="2206"> +<interface name="fs_manage_dos_dirs" lineno="2244"> <summary> Create, read, write, and delete dirs on a DOS filesystem. @@ -65826,7 +65867,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="fs_read_dos_files" lineno="2224"> +<interface name="fs_read_dos_files" lineno="2262"> <summary> Read files on a DOS filesystem. </summary> @@ -65836,7 +65877,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="fs_mmap_read_dos_files" lineno="2242"> +<interface name="fs_mmap_read_dos_files" lineno="2280"> <summary> Read and map files on a DOS filesystem. </summary> @@ -65846,7 +65887,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="fs_manage_dos_files" lineno="2262"> +<interface name="fs_manage_dos_files" lineno="2300"> <summary> Create, read, write, and delete files on a DOS filesystem. @@ -65857,7 +65898,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="fs_list_ecryptfs" lineno="2280"> +<interface name="fs_list_ecryptfs" lineno="2318"> <summary> Read symbolic links on an eCryptfs filesystem. </summary> @@ -65867,7 +65908,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="fs_manage_ecryptfs_dirs" lineno="2301"> +<interface name="fs_manage_ecryptfs_dirs" lineno="2339"> <summary> Create, read, write, and delete directories on an eCryptfs filesystem. @@ -65879,7 +65920,7 @@ Domain allowed access. </param> <rolecap/> </interface> -<interface name="fs_manage_ecryptfs_files" lineno="2321"> +<interface name="fs_manage_ecryptfs_files" lineno="2359"> <summary> Create, read, write, and delete files on an eCryptfs filesystem. @@ -65891,7 +65932,7 @@ Domain allowed access. </param> <rolecap/> </interface> -<interface name="fs_manage_ecryptfs_named_sockets" lineno="2340"> +<interface name="fs_manage_ecryptfs_named_sockets" lineno="2378"> <summary> Create, read, write, and delete named sockets on an eCryptfs filesystem. @@ -65902,7 +65943,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="fs_getattr_efivarfs" lineno="2358"> +<interface name="fs_getattr_efivarfs" lineno="2396"> <summary> Get the attributes of efivarfs filesystems. </summary> @@ -65912,7 +65953,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="fs_list_efivars" lineno="2376"> +<interface name="fs_list_efivars" lineno="2414"> <summary> List dirs in efivarfs filesystem. </summary> @@ -65922,7 +65963,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="fs_read_efivarfs_files" lineno="2396"> +<interface name="fs_read_efivarfs_files" lineno="2434"> <summary> Read files in efivarfs - contains Linux Kernel configuration options for UEFI systems @@ -65934,7 +65975,19 @@ Domain allowed access. </param> <rolecap/> </interface> -<interface name="fs_manage_efivarfs_files" lineno="2416"> +<interface name="fs_setattr_efivarfs_files" lineno="2454"> +<summary> +Set the attributes of files in efivarfs +- contains Linux Kernel configuration options for UEFI systems +</summary> +<param name="domain"> +<summary> +Domain allowed access. +</summary> +</param> +<rolecap/> +</interface> +<interface name="fs_manage_efivarfs_files" lineno="2474"> <summary> Create, read, write, and delete files on a efivarfs filesystem. @@ -65946,7 +65999,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="fs_getattr_fusefs" lineno="2434"> +<interface name="fs_getattr_fusefs" lineno="2492"> <summary> stat a FUSE filesystem </summary> @@ -65956,7 +66009,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="fs_mount_fusefs" lineno="2452"> +<interface name="fs_mount_fusefs" lineno="2510"> <summary> Mount a FUSE filesystem. </summary> @@ -65966,7 +66019,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="fs_unmount_fusefs" lineno="2470"> +<interface name="fs_unmount_fusefs" lineno="2528"> <summary> Unmount a FUSE filesystem. </summary> @@ -65976,7 +66029,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="fs_remount_fusefs" lineno="2488"> +<interface name="fs_remount_fusefs" lineno="2546"> <summary> Remount a FUSE filesystem. </summary> @@ -65986,7 +66039,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="fs_mounton_fusefs" lineno="2506"> +<interface name="fs_mounton_fusefs" lineno="2564"> <summary> Mounton a FUSEFS filesystem. </summary> @@ -65996,7 +66049,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="fs_fusefs_entry_type" lineno="2525"> +<interface name="fs_fusefs_entry_type" lineno="2583"> <summary> Make FUSEFS files an entrypoint for the specified domain. @@ -66007,7 +66060,7 @@ The domain for which fusefs_t is an entrypoint. </summary> </param> </interface> -<interface name="fs_fusefs_domtrans" lineno="2558"> +<interface name="fs_fusefs_domtrans" lineno="2616"> <summary> Execute FUSEFS files in a specified domain. </summary> @@ -66032,7 +66085,7 @@ Domain to transition to. </summary> </param> </interface> -<interface name="fs_search_fusefs" lineno="2578"> +<interface name="fs_search_fusefs" lineno="2636"> <summary> Search directories on a FUSEFS filesystem. @@ -66044,7 +66097,7 @@ Domain allowed access. </param> <rolecap/> </interface> -<interface name="fs_list_fusefs" lineno="2598"> +<interface name="fs_list_fusefs" lineno="2656"> <summary> List the contents of directories on a FUSEFS filesystem. @@ -66056,7 +66109,7 @@ Domain allowed access. </param> <rolecap/> </interface> -<interface name="fs_dontaudit_list_fusefs" lineno="2617"> +<interface name="fs_dontaudit_list_fusefs" lineno="2675"> <summary> Do not audit attempts to list the contents of directories on a FUSEFS filesystem. @@ -66067,7 +66120,7 @@ Domain to not audit. </summary> </param> </interface> -<interface name="fs_setattr_fusefs_dirs" lineno="2637"> +<interface name="fs_setattr_fusefs_dirs" lineno="2695"> <summary> Set the attributes of directories on a FUSEFS filesystem. @@ -66079,7 +66132,7 @@ Domain allowed access. </param> <rolecap/> </interface> -<interface name="fs_manage_fusefs_dirs" lineno="2657"> +<interface name="fs_manage_fusefs_dirs" lineno="2715"> <summary> Create, read, write, and delete directories on a FUSEFS filesystem. @@ -66091,7 +66144,7 @@ Domain allowed access. </param> <rolecap/> </interface> -<interface name="fs_dontaudit_manage_fusefs_dirs" lineno="2677"> +<interface name="fs_dontaudit_manage_fusefs_dirs" lineno="2735"> <summary> Do not audit attempts to create, read, write, and delete directories @@ -66103,7 +66156,7 @@ Domain to not audit. </summary> </param> </interface> -<interface name="fs_getattr_fusefs_files" lineno="2697"> +<interface name="fs_getattr_fusefs_files" lineno="2755"> <summary> Get the attributes of files on a FUSEFS filesystem. @@ -66115,7 +66168,7 @@ Domain allowed access. </param> <rolecap/> </interface> -<interface name="fs_read_fusefs_files" lineno="2716"> +<interface name="fs_read_fusefs_files" lineno="2774"> <summary> Read, a FUSEFS filesystem. </summary> @@ -66126,7 +66179,7 @@ Domain allowed access. </param> <rolecap/> </interface> -<interface name="fs_exec_fusefs_files" lineno="2735"> +<interface name="fs_exec_fusefs_files" lineno="2793"> <summary> Execute files on a FUSEFS filesystem. </summary> @@ -66137,7 +66190,7 @@ Domain allowed access. </param> <rolecap/> </interface> -<interface name="fs_setattr_fusefs_files" lineno="2755"> +<interface name="fs_setattr_fusefs_files" lineno="2813"> <summary> Set the attributes of files on a FUSEFS filesystem. @@ -66149,7 +66202,7 @@ Domain allowed access. </param> <rolecap/> </interface> -<interface name="fs_manage_fusefs_files" lineno="2775"> +<interface name="fs_manage_fusefs_files" lineno="2833"> <summary> Create, read, write, and delete files on a FUSEFS filesystem. @@ -66161,7 +66214,7 @@ Domain allowed access. </param> <rolecap/> </interface> -<interface name="fs_dontaudit_manage_fusefs_files" lineno="2795"> +<interface name="fs_dontaudit_manage_fusefs_files" lineno="2853"> <summary> Do not audit attempts to create, read, write, and delete files @@ -66173,7 +66226,7 @@ Domain to not audit. </summary> </param> </interface> -<interface name="fs_getattr_fusefs_symlinks" lineno="2815"> +<interface name="fs_getattr_fusefs_symlinks" lineno="2873"> <summary> Get the attributes of symlinks on a FUSEFS filesystem. @@ -66185,7 +66238,7 @@ Domain allowed access. </param> <rolecap/> </interface> -<interface name="fs_read_fusefs_symlinks" lineno="2833"> +<interface name="fs_read_fusefs_symlinks" lineno="2891"> <summary> Read symbolic links on a FUSEFS filesystem. </summary> @@ -66195,7 +66248,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="fs_setattr_fusefs_symlinks" lineno="2854"> +<interface name="fs_setattr_fusefs_symlinks" lineno="2912"> <summary> Set the attributes of symlinks on a FUSEFS filesystem. @@ -66207,7 +66260,7 @@ Domain allowed access. </param> <rolecap/> </interface> -<interface name="fs_manage_fusefs_symlinks" lineno="2873"> +<interface name="fs_manage_fusefs_symlinks" lineno="2931"> <summary> Manage symlinks on a FUSEFS filesystem. </summary> @@ -66218,7 +66271,7 @@ Domain allowed access. </param> <rolecap/> </interface> -<interface name="fs_getattr_fusefs_fifo_files" lineno="2893"> +<interface name="fs_getattr_fusefs_fifo_files" lineno="2951"> <summary> Get the attributes of named pipes on a FUSEFS filesystem. @@ -66230,7 +66283,7 @@ Domain allowed access. </param> <rolecap/> </interface> -<interface name="fs_setattr_fusefs_fifo_files" lineno="2913"> +<interface name="fs_setattr_fusefs_fifo_files" lineno="2971"> <summary> Set the attributes of named pipes on a FUSEFS filesystem. @@ -66242,7 +66295,7 @@ Domain allowed access. </param> <rolecap/> </interface> -<interface name="fs_manage_fusefs_fifo_files" lineno="2933"> +<interface name="fs_manage_fusefs_fifo_files" lineno="2991"> <summary> Manage named pipes on a FUSEFS filesystem. @@ -66254,7 +66307,7 @@ Domain allowed access. </param> <rolecap/> </interface> -<interface name="fs_getattr_fusefs_sock_files" lineno="2953"> +<interface name="fs_getattr_fusefs_sock_files" lineno="3011"> <summary> Get the attributes of named sockets on a FUSEFS filesystem. @@ -66266,7 +66319,7 @@ Domain allowed access. </param> <rolecap/> </interface> -<interface name="fs_setattr_fusefs_sock_files" lineno="2973"> +<interface name="fs_setattr_fusefs_sock_files" lineno="3031"> <summary> Set the attributes of named sockets on a FUSEFS filesystem. @@ -66278,7 +66331,7 @@ Domain allowed access. </param> <rolecap/> </interface> -<interface name="fs_manage_fusefs_sock_files" lineno="2993"> +<interface name="fs_manage_fusefs_sock_files" lineno="3051"> <summary> Manage named sockets on a FUSEFS filesystem. @@ -66290,7 +66343,7 @@ Domain allowed access. </param> <rolecap/> </interface> -<interface name="fs_getattr_fusefs_chr_files" lineno="3013"> +<interface name="fs_getattr_fusefs_chr_files" lineno="3071"> <summary> Get the attributes of character files on a FUSEFS filesystem. @@ -66302,7 +66355,7 @@ Domain allowed access. </param> <rolecap/> </interface> -<interface name="fs_setattr_fusefs_chr_files" lineno="3033"> +<interface name="fs_setattr_fusefs_chr_files" lineno="3091"> <summary> Set the attributes of character files on a FUSEFS filesystem. @@ -66314,7 +66367,7 @@ Domain allowed access. </param> <rolecap/> </interface> -<interface name="fs_manage_fusefs_chr_files" lineno="3053"> +<interface name="fs_manage_fusefs_chr_files" lineno="3111"> <summary> Manage character files on a FUSEFS filesystem. @@ -66326,7 +66379,7 @@ Domain allowed access. </param> <rolecap/> </interface> -<interface name="fs_getattr_hugetlbfs" lineno="3072"> +<interface name="fs_getattr_hugetlbfs" lineno="3130"> <summary> Get the attributes of an hugetlbfs filesystem. @@ -66337,7 +66390,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="fs_list_hugetlbfs" lineno="3090"> +<interface name="fs_list_hugetlbfs" lineno="3148"> <summary> List hugetlbfs. </summary> @@ -66347,7 +66400,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="fs_manage_hugetlbfs_dirs" lineno="3108"> +<interface name="fs_manage_hugetlbfs_dirs" lineno="3166"> <summary> Manage hugetlbfs dirs. </summary> @@ -66357,7 +66410,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="fs_rw_inherited_hugetlbfs_files" lineno="3126"> +<interface name="fs_rw_inherited_hugetlbfs_files" lineno="3184"> <summary> Read and write inherited hugetlbfs files. </summary> @@ -66367,7 +66420,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="fs_rw_hugetlbfs_files" lineno="3144"> +<interface name="fs_rw_hugetlbfs_files" lineno="3202"> <summary> Read and write hugetlbfs files. </summary> @@ -66377,7 +66430,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="fs_mmap_rw_hugetlbfs_files" lineno="3162"> +<interface name="fs_mmap_rw_hugetlbfs_files" lineno="3220"> <summary> Read, map and write hugetlbfs files. </summary> @@ -66387,7 +66440,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="fs_associate_hugetlbfs" lineno="3181"> +<interface name="fs_associate_hugetlbfs" lineno="3239"> <summary> Allow the type to associate to hugetlbfs filesystems. </summary> @@ -66397,7 +66450,7 @@ The type of the object to be associated. </summary> </param> </interface> -<interface name="fs_search_inotifyfs" lineno="3199"> +<interface name="fs_search_inotifyfs" lineno="3257"> <summary> Search inotifyfs filesystem. </summary> @@ -66407,7 +66460,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="fs_list_inotifyfs" lineno="3217"> +<interface name="fs_list_inotifyfs" lineno="3275"> <summary> List inotifyfs filesystem. </summary> @@ -66417,7 +66470,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="fs_dontaudit_list_inotifyfs" lineno="3235"> +<interface name="fs_dontaudit_list_inotifyfs" lineno="3293"> <summary> Dontaudit List inotifyfs filesystem. </summary> @@ -66427,7 +66480,7 @@ Domain to not audit. </summary> </param> </interface> -<interface name="fs_hugetlbfs_filetrans" lineno="3269"> +<interface name="fs_hugetlbfs_filetrans" lineno="3327"> <summary> Create an object in a hugetlbfs filesystem, with a private type using a type transition. @@ -66453,7 +66506,7 @@ The name of the object being created. </summary> </param> </interface> -<interface name="fs_mount_iso9660_fs" lineno="3289"> +<interface name="fs_mount_iso9660_fs" lineno="3347"> <summary> Mount an iso9660 filesystem, which is usually used on CDs. @@ -66464,7 +66517,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="fs_remount_iso9660_fs" lineno="3309"> +<interface name="fs_remount_iso9660_fs" lineno="3367"> <summary> Remount an iso9660 filesystem, which is usually used on CDs. This allows @@ -66476,7 +66529,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="fs_relabelfrom_iso9660_fs" lineno="3328"> +<interface name="fs_relabelfrom_iso9660_fs" lineno="3386"> <summary> Allow changing of the label of a filesystem with iso9660 type @@ -66487,7 +66540,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="fs_unmount_iso9660_fs" lineno="3347"> +<interface name="fs_unmount_iso9660_fs" lineno="3405"> <summary> Unmount an iso9660 filesystem, which is usually used on CDs. @@ -66498,7 +66551,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="fs_getattr_iso9660_fs" lineno="3367"> +<interface name="fs_getattr_iso9660_fs" lineno="3425"> <summary> Get the attributes of an iso9660 filesystem, which is usually used on CDs. @@ -66510,7 +66563,7 @@ Domain allowed access. </param> <rolecap/> </interface> -<interface name="fs_getattr_iso9660_files" lineno="3386"> +<interface name="fs_getattr_iso9660_files" lineno="3444"> <summary> Get the attributes of files on an iso9660 filesystem, which is usually used on CDs. @@ -66521,7 +66574,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="fs_read_iso9660_files" lineno="3406"> +<interface name="fs_read_iso9660_files" lineno="3464"> <summary> Read files on an iso9660 filesystem, which is usually used on CDs. @@ -66532,7 +66585,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="fs_mount_nfs" lineno="3426"> +<interface name="fs_mount_nfs" lineno="3484"> <summary> Mount a NFS filesystem. </summary> @@ -66542,7 +66595,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="fs_remount_nfs" lineno="3445"> +<interface name="fs_remount_nfs" lineno="3503"> <summary> Remount a NFS filesystem. This allows some mount options to be changed. @@ -66553,7 +66606,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="fs_unmount_nfs" lineno="3463"> +<interface name="fs_unmount_nfs" lineno="3521"> <summary> Unmount a NFS filesystem. </summary> @@ -66563,7 +66616,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="fs_getattr_nfs" lineno="3482"> +<interface name="fs_getattr_nfs" lineno="3540"> <summary> Get the attributes of a NFS filesystem. </summary> @@ -66574,7 +66627,7 @@ Domain allowed access. </param> <rolecap/> </interface> -<interface name="fs_search_nfs" lineno="3500"> +<interface name="fs_search_nfs" lineno="3558"> <summary> Search directories on a NFS filesystem. </summary> @@ -66584,7 +66637,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="fs_list_nfs" lineno="3518"> +<interface name="fs_list_nfs" lineno="3576"> <summary> List NFS filesystem. </summary> @@ -66594,7 +66647,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="fs_dontaudit_list_nfs" lineno="3537"> +<interface name="fs_dontaudit_list_nfs" lineno="3595"> <summary> Do not audit attempts to list the contents of directories on a NFS filesystem. @@ -66605,7 +66658,7 @@ Domain to not audit. </summary> </param> </interface> -<interface name="fs_watch_nfs_dirs" lineno="3556"> +<interface name="fs_watch_nfs_dirs" lineno="3614"> <summary> Add a watch on directories on an NFS filesystem. @@ -66616,7 +66669,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="fs_mounton_nfs" lineno="3574"> +<interface name="fs_mounton_nfs" lineno="3632"> <summary> Mounton a NFS filesystem. </summary> @@ -66626,7 +66679,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="fs_read_nfs_files" lineno="3593"> +<interface name="fs_read_nfs_files" lineno="3651"> <summary> Read files on a NFS filesystem. </summary> @@ -66637,7 +66690,7 @@ Domain allowed access. </param> <rolecap/> </interface> -<interface name="fs_dontaudit_read_nfs_files" lineno="3613"> +<interface name="fs_dontaudit_read_nfs_files" lineno="3671"> <summary> Do not audit attempts to read files on a NFS filesystem. @@ -66648,7 +66701,7 @@ Domain to not audit. </summary> </param> </interface> -<interface name="fs_write_nfs_files" lineno="3631"> +<interface name="fs_write_nfs_files" lineno="3689"> <summary> Read files on a NFS filesystem. </summary> @@ -66658,7 +66711,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="fs_exec_nfs_files" lineno="3651"> +<interface name="fs_exec_nfs_files" lineno="3709"> <summary> Execute files on a NFS filesystem. </summary> @@ -66669,7 +66722,7 @@ Domain allowed access. </param> <rolecap/> </interface> -<interface name="fs_append_nfs_files" lineno="3672"> +<interface name="fs_append_nfs_files" lineno="3730"> <summary> Append files on a NFS filesystem. @@ -66681,7 +66734,7 @@ Domain allowed access. </param> <rolecap/> </interface> -<interface name="fs_dontaudit_append_nfs_files" lineno="3692"> +<interface name="fs_dontaudit_append_nfs_files" lineno="3750"> <summary> dontaudit Append files on a NFS filesystem. @@ -66693,7 +66746,7 @@ Domain to not audit. </param> <rolecap/> </interface> -<interface name="fs_dontaudit_rw_nfs_files" lineno="3711"> +<interface name="fs_dontaudit_rw_nfs_files" lineno="3769"> <summary> Do not audit attempts to read or write files on a NFS filesystem. @@ -66704,7 +66757,7 @@ Domain to not audit. </summary> </param> </interface> -<interface name="fs_watch_nfs_files" lineno="3729"> +<interface name="fs_watch_nfs_files" lineno="3787"> <summary> Add a watch on files on an NFS filesystem. </summary> @@ -66714,7 +66767,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="fs_read_nfs_symlinks" lineno="3747"> +<interface name="fs_read_nfs_symlinks" lineno="3805"> <summary> Read symbolic links on a NFS filesystem. </summary> @@ -66724,7 +66777,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="fs_dontaudit_read_nfs_symlinks" lineno="3766"> +<interface name="fs_dontaudit_read_nfs_symlinks" lineno="3824"> <summary> Dontaudit read symbolic links on a NFS filesystem. </summary> @@ -66734,7 +66787,7 @@ Domain to not audit. </summary> </param> </interface> -<interface name="fs_read_nfs_named_sockets" lineno="3784"> +<interface name="fs_read_nfs_named_sockets" lineno="3842"> <summary> Read named sockets on a NFS filesystem. </summary> @@ -66744,7 +66797,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="fs_read_nfs_named_pipes" lineno="3803"> +<interface name="fs_read_nfs_named_pipes" lineno="3861"> <summary> Read named pipes on a NFS network filesystem. </summary> @@ -66755,7 +66808,7 @@ Domain allowed access. </param> <rolecap/> </interface> -<interface name="fs_getattr_rpc_dirs" lineno="3822"> +<interface name="fs_getattr_rpc_dirs" lineno="3880"> <summary> Get the attributes of directories of RPC file system pipes. @@ -66766,7 +66819,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="fs_search_rpc" lineno="3841"> +<interface name="fs_search_rpc" lineno="3899"> <summary> Search directories of RPC file system pipes. </summary> @@ -66776,7 +66829,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="fs_search_removable" lineno="3859"> +<interface name="fs_search_removable" lineno="3917"> <summary> Search removable storage directories. </summary> @@ -66786,7 +66839,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="fs_dontaudit_list_removable" lineno="3877"> +<interface name="fs_dontaudit_list_removable" lineno="3935"> <summary> Do not audit attempts to list removable storage directories. </summary> @@ -66796,7 +66849,7 @@ Domain not to audit. </summary> </param> </interface> -<interface name="fs_read_removable_files" lineno="3895"> +<interface name="fs_read_removable_files" lineno="3953"> <summary> Read removable storage files. </summary> @@ -66806,7 +66859,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="fs_dontaudit_read_removable_files" lineno="3913"> +<interface name="fs_dontaudit_read_removable_files" lineno="3971"> <summary> Do not audit attempts to read removable storage files. </summary> @@ -66816,7 +66869,7 @@ Domain not to audit. </summary> </param> </interface> -<interface name="fs_dontaudit_write_removable_files" lineno="3931"> +<interface name="fs_dontaudit_write_removable_files" lineno="3989"> <summary> Do not audit attempts to write removable storage files. </summary> @@ -66826,7 +66879,7 @@ Domain not to audit. </summary> </param> </interface> -<interface name="fs_read_removable_symlinks" lineno="3949"> +<interface name="fs_read_removable_symlinks" lineno="4007"> <summary> Read removable storage symbolic links. </summary> @@ -66836,7 +66889,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="fs_read_removable_blk_files" lineno="3967"> +<interface name="fs_read_removable_blk_files" lineno="4025"> <summary> Read block nodes on removable filesystems. </summary> @@ -66846,7 +66899,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="fs_rw_removable_blk_files" lineno="3986"> +<interface name="fs_rw_removable_blk_files" lineno="4044"> <summary> Read and write block nodes on removable filesystems. </summary> @@ -66856,7 +66909,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="fs_list_rpc" lineno="4005"> +<interface name="fs_list_rpc" lineno="4063"> <summary> Read directories of RPC file system pipes. </summary> @@ -66866,7 +66919,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="fs_read_rpc_files" lineno="4023"> +<interface name="fs_read_rpc_files" lineno="4081"> <summary> Read files of RPC file system pipes. </summary> @@ -66876,7 +66929,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="fs_read_rpc_symlinks" lineno="4041"> +<interface name="fs_read_rpc_symlinks" lineno="4099"> <summary> Read symbolic links of RPC file system pipes. </summary> @@ -66886,7 +66939,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="fs_read_rpc_sockets" lineno="4059"> +<interface name="fs_read_rpc_sockets" lineno="4117"> <summary> Read sockets of RPC file system pipes. </summary> @@ -66896,7 +66949,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="fs_rw_rpc_sockets" lineno="4077"> +<interface name="fs_rw_rpc_sockets" lineno="4135"> <summary> Read and write sockets of RPC file system pipes. </summary> @@ -66906,7 +66959,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="fs_manage_nfs_dirs" lineno="4097"> +<interface name="fs_manage_nfs_dirs" lineno="4155"> <summary> Create, read, write, and delete directories on a NFS filesystem. @@ -66918,7 +66971,7 @@ Domain allowed access. </param> <rolecap/> </interface> -<interface name="fs_dontaudit_manage_nfs_dirs" lineno="4117"> +<interface name="fs_dontaudit_manage_nfs_dirs" lineno="4175"> <summary> Do not audit attempts to create, read, write, and delete directories @@ -66930,7 +66983,7 @@ Domain to not audit. </summary> </param> </interface> -<interface name="fs_manage_nfs_files" lineno="4137"> +<interface name="fs_manage_nfs_files" lineno="4195"> <summary> Create, read, write, and delete files on a NFS filesystem. @@ -66942,7 +66995,7 @@ Domain allowed access. </param> <rolecap/> </interface> -<interface name="fs_dontaudit_manage_nfs_files" lineno="4157"> +<interface name="fs_dontaudit_manage_nfs_files" lineno="4215"> <summary> Do not audit attempts to create, read, write, and delete files @@ -66954,7 +67007,7 @@ Domain to not audit. </summary> </param> </interface> -<interface name="fs_manage_nfs_symlinks" lineno="4177"> +<interface name="fs_manage_nfs_symlinks" lineno="4235"> <summary> Create, read, write, and delete symbolic links on a NFS network filesystem. @@ -66966,7 +67019,7 @@ Domain allowed access. </param> <rolecap/> </interface> -<interface name="fs_manage_nfs_named_pipes" lineno="4196"> +<interface name="fs_manage_nfs_named_pipes" lineno="4254"> <summary> Create, read, write, and delete named pipes on a NFS filesystem. @@ -66977,7 +67030,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="fs_manage_nfs_named_sockets" lineno="4215"> +<interface name="fs_manage_nfs_named_sockets" lineno="4273"> <summary> Create, read, write, and delete named sockets on a NFS filesystem. @@ -66988,7 +67041,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="fs_nfs_domtrans" lineno="4258"> +<interface name="fs_nfs_domtrans" lineno="4316"> <summary> Execute a file on a NFS filesystem in the specified domain. @@ -67023,7 +67076,7 @@ The type of the new process. </summary> </param> </interface> -<interface name="fs_mount_nfsd_fs" lineno="4277"> +<interface name="fs_mount_nfsd_fs" lineno="4335"> <summary> Mount a NFS server pseudo filesystem. </summary> @@ -67033,7 +67086,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="fs_remount_nfsd_fs" lineno="4296"> +<interface name="fs_remount_nfsd_fs" lineno="4354"> <summary> Mount a NFS server pseudo filesystem. This allows some mount options to be changed. @@ -67044,7 +67097,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="fs_unmount_nfsd_fs" lineno="4314"> +<interface name="fs_unmount_nfsd_fs" lineno="4372"> <summary> Unmount a NFS server pseudo filesystem. </summary> @@ -67054,7 +67107,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="fs_getattr_nfsd_fs" lineno="4333"> +<interface name="fs_getattr_nfsd_fs" lineno="4391"> <summary> Get the attributes of a NFS server pseudo filesystem. @@ -67065,7 +67118,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="fs_search_nfsd_fs" lineno="4351"> +<interface name="fs_search_nfsd_fs" lineno="4409"> <summary> Search NFS server directories. </summary> @@ -67075,7 +67128,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="fs_list_nfsd_fs" lineno="4369"> +<interface name="fs_list_nfsd_fs" lineno="4427"> <summary> List NFS server directories. </summary> @@ -67085,7 +67138,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="fs_watch_nfsd_dirs" lineno="4387"> +<interface name="fs_watch_nfsd_dirs" lineno="4445"> <summary> Watch NFS server directories. </summary> @@ -67095,7 +67148,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="fs_getattr_nfsd_files" lineno="4405"> +<interface name="fs_getattr_nfsd_files" lineno="4463"> <summary> Getattr files on an nfsd filesystem </summary> @@ -67105,7 +67158,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="fs_rw_nfsd_fs" lineno="4423"> +<interface name="fs_rw_nfsd_fs" lineno="4481"> <summary> Read and write NFS server files. </summary> @@ -67115,7 +67168,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="fs_getattr_nsfs_files" lineno="4441"> +<interface name="fs_getattr_nsfs_files" lineno="4499"> <summary> Get the attributes of nsfs inodes (e.g. /proc/pid/ns/uts) </summary> @@ -67125,7 +67178,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="fs_read_nsfs_files" lineno="4459"> +<interface name="fs_read_nsfs_files" lineno="4517"> <summary> Read nsfs inodes (e.g. /proc/pid/ns/uts) </summary> @@ -67135,7 +67188,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="fs_watch_nfsd_files" lineno="4477"> +<interface name="fs_watch_nfsd_files" lineno="4535"> <summary> Watch NFS server files. </summary> @@ -67145,7 +67198,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="fs_getattr_nsfs" lineno="4495"> +<interface name="fs_getattr_nsfs" lineno="4553"> <summary> Get the attributes of an nsfs filesystem. </summary> @@ -67155,7 +67208,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="fs_unmount_nsfs" lineno="4513"> +<interface name="fs_unmount_nsfs" lineno="4571"> <summary> Unmount an nsfs filesystem. </summary> @@ -67165,7 +67218,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="fs_getattr_pstorefs" lineno="4531"> +<interface name="fs_getattr_pstorefs" lineno="4589"> <summary> Get the attributes of a pstore filesystem. </summary> @@ -67175,7 +67228,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="fs_getattr_pstore_dirs" lineno="4550"> +<interface name="fs_getattr_pstore_dirs" lineno="4608"> <summary> Get the attributes of directories of a pstore filesystem. @@ -67186,7 +67239,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="fs_create_pstore_dirs" lineno="4569"> +<interface name="fs_create_pstore_dirs" lineno="4627"> <summary> Create pstore directories. </summary> @@ -67196,7 +67249,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="fs_relabel_pstore_dirs" lineno="4588"> +<interface name="fs_relabel_pstore_dirs" lineno="4646"> <summary> Relabel to/from pstore_t directories. </summary> @@ -67206,7 +67259,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="fs_list_pstore_dirs" lineno="4607"> +<interface name="fs_list_pstore_dirs" lineno="4665"> <summary> List the directories of a pstore filesystem. @@ -67217,7 +67270,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="fs_read_pstore_files" lineno="4626"> +<interface name="fs_read_pstore_files" lineno="4684"> <summary> Read pstore_t files </summary> @@ -67227,7 +67280,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="fs_delete_pstore_files" lineno="4645"> +<interface name="fs_delete_pstore_files" lineno="4703"> <summary> Delete the files of a pstore filesystem. @@ -67238,7 +67291,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="fs_associate_ramfs" lineno="4664"> +<interface name="fs_associate_ramfs" lineno="4722"> <summary> Allow the type to associate to ramfs filesystems. </summary> @@ -67248,7 +67301,7 @@ The type of the object to be associated. </summary> </param> </interface> -<interface name="fs_mount_ramfs" lineno="4682"> +<interface name="fs_mount_ramfs" lineno="4740"> <summary> Mount a RAM filesystem. </summary> @@ -67258,7 +67311,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="fs_remount_ramfs" lineno="4701"> +<interface name="fs_remount_ramfs" lineno="4759"> <summary> Remount a RAM filesystem. This allows some mount options to be changed. @@ -67269,7 +67322,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="fs_unmount_ramfs" lineno="4719"> +<interface name="fs_unmount_ramfs" lineno="4777"> <summary> Unmount a RAM filesystem. </summary> @@ -67279,7 +67332,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="fs_getattr_ramfs" lineno="4737"> +<interface name="fs_getattr_ramfs" lineno="4795"> <summary> Get the attributes of a RAM filesystem. </summary> @@ -67289,7 +67342,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="fs_search_ramfs" lineno="4755"> +<interface name="fs_search_ramfs" lineno="4813"> <summary> Search directories on a ramfs </summary> @@ -67299,7 +67352,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="fs_dontaudit_search_ramfs" lineno="4773"> +<interface name="fs_dontaudit_search_ramfs" lineno="4831"> <summary> Dontaudit Search directories on a ramfs </summary> @@ -67309,7 +67362,7 @@ Domain to not audit. </summary> </param> </interface> -<interface name="fs_setattr_ramfs_dirs" lineno="4792"> +<interface name="fs_setattr_ramfs_dirs" lineno="4850"> <summary> Set the attributes of directories on a ramfs. @@ -67320,7 +67373,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="fs_manage_ramfs_dirs" lineno="4811"> +<interface name="fs_manage_ramfs_dirs" lineno="4869"> <summary> Create, read, write, and delete directories on a ramfs. @@ -67331,7 +67384,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="fs_dontaudit_read_ramfs_files" lineno="4829"> +<interface name="fs_dontaudit_read_ramfs_files" lineno="4887"> <summary> Dontaudit read on a ramfs files. </summary> @@ -67341,7 +67394,7 @@ Domain to not audit. </summary> </param> </interface> -<interface name="fs_dontaudit_read_ramfs_pipes" lineno="4847"> +<interface name="fs_dontaudit_read_ramfs_pipes" lineno="4905"> <summary> Dontaudit read on a ramfs fifo_files. </summary> @@ -67351,7 +67404,7 @@ Domain to not audit. </summary> </param> </interface> -<interface name="fs_manage_ramfs_files" lineno="4866"> +<interface name="fs_manage_ramfs_files" lineno="4924"> <summary> Create, read, write, and delete files on a ramfs filesystem. @@ -67362,7 +67415,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="fs_write_ramfs_pipes" lineno="4884"> +<interface name="fs_write_ramfs_pipes" lineno="4942"> <summary> Write to named pipe on a ramfs filesystem. </summary> @@ -67372,7 +67425,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="fs_dontaudit_write_ramfs_pipes" lineno="4903"> +<interface name="fs_dontaudit_write_ramfs_pipes" lineno="4961"> <summary> Do not audit attempts to write to named pipes on a ramfs filesystem. @@ -67383,7 +67436,7 @@ Domain to not audit. </summary> </param> </interface> -<interface name="fs_rw_ramfs_pipes" lineno="4921"> +<interface name="fs_rw_ramfs_pipes" lineno="4979"> <summary> Read and write a named pipe on a ramfs filesystem. </summary> @@ -67393,7 +67446,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="fs_manage_ramfs_pipes" lineno="4940"> +<interface name="fs_manage_ramfs_pipes" lineno="4998"> <summary> Create, read, write, and delete named pipes on a ramfs filesystem. @@ -67404,7 +67457,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="fs_write_ramfs_sockets" lineno="4958"> +<interface name="fs_write_ramfs_sockets" lineno="5016"> <summary> Write to named socket on a ramfs filesystem. </summary> @@ -67414,7 +67467,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="fs_manage_ramfs_sockets" lineno="4977"> +<interface name="fs_manage_ramfs_sockets" lineno="5035"> <summary> Create, read, write, and delete named sockets on a ramfs filesystem. @@ -67425,7 +67478,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="fs_mount_romfs" lineno="4995"> +<interface name="fs_mount_romfs" lineno="5053"> <summary> Mount a ROM filesystem. </summary> @@ -67435,7 +67488,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="fs_remount_romfs" lineno="5014"> +<interface name="fs_remount_romfs" lineno="5072"> <summary> Remount a ROM filesystem. This allows some mount options to be changed. @@ -67446,7 +67499,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="fs_unmount_romfs" lineno="5032"> +<interface name="fs_unmount_romfs" lineno="5090"> <summary> Unmount a ROM filesystem. </summary> @@ -67456,7 +67509,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="fs_getattr_romfs" lineno="5051"> +<interface name="fs_getattr_romfs" lineno="5109"> <summary> Get the attributes of a ROM filesystem. @@ -67467,7 +67520,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="fs_mount_rpc_pipefs" lineno="5069"> +<interface name="fs_mount_rpc_pipefs" lineno="5127"> <summary> Mount a RPC pipe filesystem. </summary> @@ -67477,7 +67530,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="fs_remount_rpc_pipefs" lineno="5088"> +<interface name="fs_remount_rpc_pipefs" lineno="5146"> <summary> Remount a RPC pipe filesystem. This allows some mount option to be changed. @@ -67488,7 +67541,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="fs_unmount_rpc_pipefs" lineno="5106"> +<interface name="fs_unmount_rpc_pipefs" lineno="5164"> <summary> Unmount a RPC pipe filesystem. </summary> @@ -67498,7 +67551,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="fs_getattr_rpc_pipefs" lineno="5125"> +<interface name="fs_getattr_rpc_pipefs" lineno="5183"> <summary> Get the attributes of a RPC pipe filesystem. @@ -67509,7 +67562,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="fs_rw_rpc_named_pipes" lineno="5143"> +<interface name="fs_rw_rpc_named_pipes" lineno="5201"> <summary> Read and write RPC pipe filesystem named pipes. </summary> @@ -67519,7 +67572,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="fs_watch_rpc_pipefs_dirs" lineno="5161"> +<interface name="fs_watch_rpc_pipefs_dirs" lineno="5219"> <summary> Watch RPC pipe filesystem directories. </summary> @@ -67529,7 +67582,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="fs_mount_tmpfs" lineno="5179"> +<interface name="fs_mount_tmpfs" lineno="5237"> <summary> Mount a tmpfs filesystem. </summary> @@ -67539,7 +67592,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="fs_remount_tmpfs" lineno="5197"> +<interface name="fs_remount_tmpfs" lineno="5255"> <summary> Remount a tmpfs filesystem. </summary> @@ -67549,7 +67602,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="fs_unmount_tmpfs" lineno="5215"> +<interface name="fs_unmount_tmpfs" lineno="5273"> <summary> Unmount a tmpfs filesystem. </summary> @@ -67559,7 +67612,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="fs_dontaudit_getattr_tmpfs" lineno="5233"> +<interface name="fs_dontaudit_getattr_tmpfs" lineno="5291"> <summary> Do not audit getting the attributes of a tmpfs filesystem </summary> @@ -67569,7 +67622,7 @@ Domain to not audit </summary> </param> </interface> -<interface name="fs_getattr_tmpfs" lineno="5253"> +<interface name="fs_getattr_tmpfs" lineno="5311"> <summary> Get the attributes of a tmpfs filesystem. @@ -67581,7 +67634,7 @@ Domain allowed access. </param> <rolecap/> </interface> -<interface name="fs_associate_tmpfs" lineno="5271"> +<interface name="fs_associate_tmpfs" lineno="5329"> <summary> Allow the type to associate to tmpfs filesystems. </summary> @@ -67591,7 +67644,7 @@ The type of the object to be associated. </summary> </param> </interface> -<interface name="fs_relabelfrom_tmpfs" lineno="5289"> +<interface name="fs_relabelfrom_tmpfs" lineno="5347"> <summary> Relabel from tmpfs filesystem. </summary> @@ -67601,7 +67654,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="fs_getattr_tmpfs_dirs" lineno="5307"> +<interface name="fs_getattr_tmpfs_dirs" lineno="5365"> <summary> Get the attributes of tmpfs directories. </summary> @@ -67611,7 +67664,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="fs_dontaudit_getattr_tmpfs_dirs" lineno="5326"> +<interface name="fs_dontaudit_getattr_tmpfs_dirs" lineno="5384"> <summary> Do not audit attempts to get the attributes of tmpfs directories. @@ -67622,7 +67675,7 @@ Domain to not audit. </summary> </param> </interface> -<interface name="fs_mounton_tmpfs" lineno="5344"> +<interface name="fs_mounton_tmpfs" lineno="5402"> <summary> Mount on tmpfs directories. </summary> @@ -67632,7 +67685,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="fs_mounton_tmpfs_files" lineno="5362"> +<interface name="fs_mounton_tmpfs_files" lineno="5420"> <summary> Mount on tmpfs files. </summary> @@ -67642,7 +67695,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="fs_setattr_tmpfs_dirs" lineno="5380"> +<interface name="fs_setattr_tmpfs_dirs" lineno="5438"> <summary> Set the attributes of tmpfs directories. </summary> @@ -67652,7 +67705,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="fs_search_tmpfs" lineno="5398"> +<interface name="fs_search_tmpfs" lineno="5456"> <summary> Search tmpfs directories. </summary> @@ -67662,7 +67715,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="fs_list_tmpfs" lineno="5416"> +<interface name="fs_list_tmpfs" lineno="5474"> <summary> List the contents of generic tmpfs directories. </summary> @@ -67672,7 +67725,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="fs_dontaudit_list_tmpfs" lineno="5435"> +<interface name="fs_dontaudit_list_tmpfs" lineno="5493"> <summary> Do not audit attempts to list the contents of generic tmpfs directories. @@ -67683,7 +67736,7 @@ Domain to not audit. </summary> </param> </interface> -<interface name="fs_manage_tmpfs_dirs" lineno="5454"> +<interface name="fs_manage_tmpfs_dirs" lineno="5512"> <summary> Create, read, write, and delete tmpfs directories @@ -67694,7 +67747,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="fs_dontaudit_write_tmpfs_dirs" lineno="5473"> +<interface name="fs_dontaudit_write_tmpfs_dirs" lineno="5531"> <summary> Do not audit attempts to write tmpfs directories @@ -67705,7 +67758,7 @@ Domain to not audit. </summary> </param> </interface> -<interface name="fs_relabelfrom_tmpfs_dirs" lineno="5491"> +<interface name="fs_relabelfrom_tmpfs_dirs" lineno="5549"> <summary> Relabel from tmpfs_t dir </summary> @@ -67715,7 +67768,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="fs_relabel_tmpfs_dirs" lineno="5509"> +<interface name="fs_relabel_tmpfs_dirs" lineno="5567"> <summary> Relabel directory on tmpfs filesystems. </summary> @@ -67725,7 +67778,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="fs_watch_tmpfs_dirs" lineno="5526"> +<interface name="fs_watch_tmpfs_dirs" lineno="5584"> <summary> Watch directories on tmpfs filesystems. </summary> @@ -67735,7 +67788,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="fs_tmpfs_filetrans" lineno="5560"> +<interface name="fs_tmpfs_filetrans" lineno="5618"> <summary> Create an object in a tmpfs filesystem, with a private type using a type transition. @@ -67761,7 +67814,7 @@ The name of the object being created. </summary> </param> </interface> -<interface name="fs_dontaudit_getattr_tmpfs_files" lineno="5580"> +<interface name="fs_dontaudit_getattr_tmpfs_files" lineno="5638"> <summary> Do not audit attempts to getattr generic tmpfs files. @@ -67772,7 +67825,7 @@ Domain to not audit. </summary> </param> </interface> -<interface name="fs_dontaudit_rw_tmpfs_files" lineno="5599"> +<interface name="fs_dontaudit_rw_tmpfs_files" lineno="5657"> <summary> Do not audit attempts to read or write generic tmpfs files. @@ -67783,7 +67836,7 @@ Domain to not audit. </summary> </param> </interface> -<interface name="fs_delete_tmpfs_symlinks" lineno="5617"> +<interface name="fs_delete_tmpfs_symlinks" lineno="5675"> <summary> Delete tmpfs symbolic links. </summary> @@ -67793,7 +67846,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="fs_manage_auto_mountpoints" lineno="5636"> +<interface name="fs_manage_auto_mountpoints" lineno="5694"> <summary> Create, read, write, and delete auto moutpoints. @@ -67804,7 +67857,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="fs_read_tmpfs_files" lineno="5654"> +<interface name="fs_read_tmpfs_files" lineno="5712"> <summary> Read generic tmpfs files. </summary> @@ -67814,7 +67867,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="fs_rw_tmpfs_files" lineno="5672"> +<interface name="fs_rw_tmpfs_files" lineno="5730"> <summary> Read and write generic tmpfs files. </summary> @@ -67824,7 +67877,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="fs_relabel_tmpfs_files" lineno="5690"> +<interface name="fs_relabel_tmpfs_files" lineno="5748"> <summary> Relabel files on tmpfs filesystems. </summary> @@ -67834,7 +67887,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="fs_read_tmpfs_symlinks" lineno="5708"> +<interface name="fs_read_tmpfs_symlinks" lineno="5766"> <summary> Read tmpfs link files. </summary> @@ -67844,7 +67897,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="fs_relabelfrom_tmpfs_sockets" lineno="5726"> +<interface name="fs_relabelfrom_tmpfs_sockets" lineno="5784"> <summary> Relabelfrom socket files on tmpfs filesystems. </summary> @@ -67854,7 +67907,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="fs_relabelfrom_tmpfs_symlinks" lineno="5744"> +<interface name="fs_relabelfrom_tmpfs_symlinks" lineno="5802"> <summary> Relabelfrom tmpfs link files. </summary> @@ -67864,7 +67917,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="fs_rw_tmpfs_chr_files" lineno="5762"> +<interface name="fs_rw_tmpfs_chr_files" lineno="5820"> <summary> Read and write character nodes on tmpfs filesystems. </summary> @@ -67874,7 +67927,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="fs_dontaudit_use_tmpfs_chr_dev" lineno="5781"> +<interface name="fs_dontaudit_use_tmpfs_chr_dev" lineno="5839"> <summary> dontaudit Read and write character nodes on tmpfs filesystems. </summary> @@ -67884,7 +67937,7 @@ Domain to not audit. </summary> </param> </interface> -<interface name="fs_relabel_tmpfs_chr_files" lineno="5800"> +<interface name="fs_relabel_tmpfs_chr_files" lineno="5858"> <summary> Relabel character nodes on tmpfs filesystems. </summary> @@ -67894,7 +67947,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="fs_rw_tmpfs_blk_files" lineno="5819"> +<interface name="fs_rw_tmpfs_blk_files" lineno="5877"> <summary> Read and write block nodes on tmpfs filesystems. </summary> @@ -67904,7 +67957,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="fs_relabel_tmpfs_blk_files" lineno="5838"> +<interface name="fs_relabel_tmpfs_blk_files" lineno="5896"> <summary> Relabel block nodes on tmpfs filesystems. </summary> @@ -67914,7 +67967,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="fs_relabel_tmpfs_fifo_files" lineno="5857"> +<interface name="fs_relabel_tmpfs_fifo_files" lineno="5915"> <summary> Relabel named pipes on tmpfs filesystems. </summary> @@ -67924,7 +67977,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="fs_manage_tmpfs_files" lineno="5877"> +<interface name="fs_manage_tmpfs_files" lineno="5935"> <summary> Read and write, create and delete generic files on tmpfs filesystems. @@ -67935,7 +67988,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="fs_manage_tmpfs_symlinks" lineno="5896"> +<interface name="fs_manage_tmpfs_symlinks" lineno="5954"> <summary> Read and write, create and delete symbolic links on tmpfs filesystems. @@ -67946,7 +67999,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="fs_manage_tmpfs_sockets" lineno="5915"> +<interface name="fs_manage_tmpfs_sockets" lineno="5973"> <summary> Read and write, create and delete socket files on tmpfs filesystems. @@ -67957,7 +68010,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="fs_manage_tmpfs_chr_files" lineno="5934"> +<interface name="fs_manage_tmpfs_chr_files" lineno="5992"> <summary> Read and write, create and delete character nodes on tmpfs filesystems. @@ -67968,7 +68021,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="fs_manage_tmpfs_blk_files" lineno="5953"> +<interface name="fs_manage_tmpfs_blk_files" lineno="6011"> <summary> Read and write, create and delete block nodes on tmpfs filesystems. @@ -67979,7 +68032,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="fs_getattr_tracefs" lineno="5971"> +<interface name="fs_getattr_tracefs" lineno="6029"> <summary> Get the attributes of a trace filesystem. </summary> @@ -67989,7 +68042,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="fs_getattr_tracefs_dirs" lineno="5989"> +<interface name="fs_getattr_tracefs_dirs" lineno="6047"> <summary> Get attributes of dirs on tracefs filesystem. </summary> @@ -67999,7 +68052,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="fs_search_tracefs" lineno="6007"> +<interface name="fs_search_tracefs" lineno="6065"> <summary> search directories on a tracefs filesystem </summary> @@ -68009,7 +68062,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="fs_getattr_tracefs_files" lineno="6026"> +<interface name="fs_getattr_tracefs_files" lineno="6084"> <summary> Get the attributes of files on a trace filesystem. @@ -68020,7 +68073,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="fs_mount_xenfs" lineno="6044"> +<interface name="fs_mount_xenfs" lineno="6102"> <summary> Mount a XENFS filesystem. </summary> @@ -68030,7 +68083,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="fs_search_xenfs" lineno="6062"> +<interface name="fs_search_xenfs" lineno="6120"> <summary> Search the XENFS filesystem. </summary> @@ -68040,7 +68093,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="fs_manage_xenfs_dirs" lineno="6082"> +<interface name="fs_manage_xenfs_dirs" lineno="6140"> <summary> Create, read, write, and delete directories on a XENFS filesystem. @@ -68052,7 +68105,7 @@ Domain allowed access. </param> <rolecap/> </interface> -<interface name="fs_dontaudit_manage_xenfs_dirs" lineno="6102"> +<interface name="fs_dontaudit_manage_xenfs_dirs" lineno="6160"> <summary> Do not audit attempts to create, read, write, and delete directories @@ -68064,7 +68117,7 @@ Domain to not audit. </summary> </param> </interface> -<interface name="fs_manage_xenfs_files" lineno="6122"> +<interface name="fs_manage_xenfs_files" lineno="6180"> <summary> Create, read, write, and delete files on a XENFS filesystem. @@ -68076,7 +68129,7 @@ Domain allowed access. </param> <rolecap/> </interface> -<interface name="fs_mmap_xenfs_files" lineno="6140"> +<interface name="fs_mmap_xenfs_files" lineno="6198"> <summary> Map files a XENFS filesystem. </summary> @@ -68086,7 +68139,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="fs_dontaudit_manage_xenfs_files" lineno="6160"> +<interface name="fs_dontaudit_manage_xenfs_files" lineno="6218"> <summary> Do not audit attempts to create, read, write, and delete files @@ -68098,7 +68151,7 @@ Domain to not audit. </summary> </param> </interface> -<interface name="fs_mount_all_fs" lineno="6178"> +<interface name="fs_mount_all_fs" lineno="6236"> <summary> Mount all filesystems. </summary> @@ -68108,7 +68161,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="fs_remount_all_fs" lineno="6197"> +<interface name="fs_remount_all_fs" lineno="6255"> <summary> Remount all filesystems. This allows some mount options to be changed. @@ -68119,7 +68172,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="fs_unmount_all_fs" lineno="6215"> +<interface name="fs_unmount_all_fs" lineno="6273"> <summary> Unmount all filesystems. </summary> @@ -68129,7 +68182,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="fs_getattr_all_fs" lineno="6247"> +<interface name="fs_getattr_all_fs" lineno="6305"> <summary> Get the attributes of all filesystems. </summary> @@ -68153,7 +68206,7 @@ Domain allowed access. <infoflow type="read" weight="5"/> <rolecap/> </interface> -<interface name="fs_dontaudit_getattr_all_fs" lineno="6267"> +<interface name="fs_dontaudit_getattr_all_fs" lineno="6325"> <summary> Do not audit attempts to get the attributes all filesystems. @@ -68164,7 +68217,7 @@ Domain to not audit. </summary> </param> </interface> -<interface name="fs_get_all_fs_quotas" lineno="6286"> +<interface name="fs_get_all_fs_quotas" lineno="6344"> <summary> Get the quotas of all filesystems. </summary> @@ -68175,7 +68228,7 @@ Domain allowed access. </param> <rolecap/> </interface> -<interface name="fs_set_all_quotas" lineno="6305"> +<interface name="fs_set_all_quotas" lineno="6363"> <summary> Set the quotas of all filesystems. </summary> @@ -68186,7 +68239,7 @@ Domain allowed access. </param> <rolecap/> </interface> -<interface name="fs_relabelfrom_all_fs" lineno="6323"> +<interface name="fs_relabelfrom_all_fs" lineno="6381"> <summary> Relabelfrom all filesystems. </summary> @@ -68196,7 +68249,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="fs_getattr_all_dirs" lineno="6342"> +<interface name="fs_getattr_all_dirs" lineno="6400"> <summary> Get the attributes of all directories with a filesystem type. @@ -68207,7 +68260,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="fs_search_all" lineno="6360"> +<interface name="fs_search_all" lineno="6418"> <summary> Search all directories with a filesystem type. </summary> @@ -68217,7 +68270,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="fs_list_all" lineno="6378"> +<interface name="fs_list_all" lineno="6436"> <summary> List all directories with a filesystem type. </summary> @@ -68227,7 +68280,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="fs_getattr_all_files" lineno="6397"> +<interface name="fs_getattr_all_files" lineno="6455"> <summary> Get the attributes of all files with a filesystem type. @@ -68238,7 +68291,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="fs_dontaudit_getattr_all_files" lineno="6416"> +<interface name="fs_dontaudit_getattr_all_files" lineno="6474"> <summary> Do not audit attempts to get the attributes of all files with a filesystem type. @@ -68249,7 +68302,7 @@ Domain to not audit. </summary> </param> </interface> -<interface name="fs_getattr_all_symlinks" lineno="6435"> +<interface name="fs_getattr_all_symlinks" lineno="6493"> <summary> Get the attributes of all symbolic links with a filesystem type. @@ -68260,7 +68313,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="fs_dontaudit_getattr_all_symlinks" lineno="6454"> +<interface name="fs_dontaudit_getattr_all_symlinks" lineno="6512"> <summary> Do not audit attempts to get the attributes of all symbolic links with a filesystem type. @@ -68271,7 +68324,7 @@ Domain to not audit. </summary> </param> </interface> -<interface name="fs_getattr_all_pipes" lineno="6473"> +<interface name="fs_getattr_all_pipes" lineno="6531"> <summary> Get the attributes of all named pipes with a filesystem type. @@ -68282,7 +68335,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="fs_dontaudit_getattr_all_pipes" lineno="6492"> +<interface name="fs_dontaudit_getattr_all_pipes" lineno="6550"> <summary> Do not audit attempts to get the attributes of all named pipes with a filesystem type. @@ -68293,7 +68346,7 @@ Domain to not audit. </summary> </param> </interface> -<interface name="fs_getattr_all_sockets" lineno="6511"> +<interface name="fs_getattr_all_sockets" lineno="6569"> <summary> Get the attributes of all named sockets with a filesystem type. @@ -68304,7 +68357,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="fs_dontaudit_getattr_all_sockets" lineno="6530"> +<interface name="fs_dontaudit_getattr_all_sockets" lineno="6588"> <summary> Do not audit attempts to get the attributes of all named sockets with a filesystem type. @@ -68315,7 +68368,7 @@ Domain to not audit. </summary> </param> </interface> -<interface name="fs_getattr_all_blk_files" lineno="6549"> +<interface name="fs_getattr_all_blk_files" lineno="6607"> <summary> Get the attributes of all block device nodes with a filesystem type. @@ -68326,7 +68379,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="fs_getattr_all_chr_files" lineno="6568"> +<interface name="fs_getattr_all_chr_files" lineno="6626"> <summary> Get the attributes of all character device nodes with a filesystem type. @@ -68337,7 +68390,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="fs_unconfined" lineno="6586"> +<interface name="fs_unconfined" lineno="6644"> <summary> Unconfined access to filesystems </summary> @@ -71360,7 +71413,18 @@ Domain to not audit. </summary> </param> </interface> -<interface name="selinux_dontaudit_getattr_dir" lineno="214"> +<interface name="selinux_getattr_dirs" lineno="214"> +<summary> +Get the attributes of the selinuxfs +directory. +</summary> +<param name="domain"> +<summary> +Domain to not audit. +</summary> +</param> +</interface> +<interface name="selinux_dontaudit_getattr_dir" lineno="233"> <summary> Do not audit attempts to get the attributes of the selinuxfs directory. @@ -71371,7 +71435,7 @@ Domain to not audit. </summary> </param> </interface> -<interface name="selinux_search_fs" lineno="232"> +<interface name="selinux_search_fs" lineno="251"> <summary> Search selinuxfs. </summary> @@ -71381,7 +71445,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="selinux_dontaudit_search_fs" lineno="251"> +<interface name="selinux_dontaudit_search_fs" lineno="270"> <summary> Do not audit attempts to search selinuxfs. </summary> @@ -71391,7 +71455,7 @@ Domain to not audit. </summary> </param> </interface> -<interface name="selinux_dontaudit_read_fs" lineno="270"> +<interface name="selinux_dontaudit_read_fs" lineno="289"> <summary> Do not audit attempts to read generic selinuxfs entries @@ -71402,7 +71466,17 @@ Domain to not audit. </summary> </param> </interface> -<interface name="selinux_get_enforce_mode" lineno="291"> +<interface name="selinux_mounton_dirs" lineno="308"> +<summary> +Mount on the selinuxfs directory. +</summary> +<param name="domain"> +<summary> +Domain allowed access. +</summary> +</param> +</interface> +<interface name="selinux_get_enforce_mode" lineno="328"> <summary> Allows the caller to get the mode of policy enforcement (enforcing or permissive mode). @@ -71414,7 +71488,7 @@ Domain allowed access. </param> <rolecap/> </interface> -<interface name="selinux_set_enforce_mode" lineno="323"> +<interface name="selinux_set_enforce_mode" lineno="360"> <summary> Allow caller to set the mode of policy enforcement (enforcing or permissive mode). @@ -71436,7 +71510,7 @@ Domain allowed access. </param> <rolecap/> </interface> -<interface name="selinux_load_policy" lineno="341"> +<interface name="selinux_load_policy" lineno="378"> <summary> Allow caller to load the policy into the kernel. </summary> @@ -71446,7 +71520,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="selinux_read_policy" lineno="359"> +<interface name="selinux_read_policy" lineno="396"> <summary> Allow caller to read the policy from the kernel. </summary> @@ -71456,7 +71530,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="selinux_set_generic_booleans" lineno="392"> +<interface name="selinux_set_generic_booleans" lineno="429"> <summary> Allow caller to set the state of generic Booleans to enable or disable conditional portions of the policy. @@ -71478,7 +71552,7 @@ Domain allowed access. </param> <rolecap/> </interface> -<interface name="selinux_set_all_booleans" lineno="434"> +<interface name="selinux_set_all_booleans" lineno="471"> <summary> Allow caller to set the state of all Booleans to enable or disable conditional portions of the policy. @@ -71500,7 +71574,7 @@ Domain allowed access. </param> <rolecap/> </interface> -<interface name="selinux_get_all_booleans" lineno="476"> +<interface name="selinux_get_all_booleans" lineno="513"> <summary> Allow caller to get the state of all Booleans to view conditional portions of the policy. @@ -71512,7 +71586,7 @@ Domain allowed access. </param> <rolecap/> </interface> -<interface name="selinux_set_parameters" lineno="510"> +<interface name="selinux_set_parameters" lineno="547"> <summary> Allow caller to set SELinux access vector cache parameters. </summary> @@ -71534,7 +71608,7 @@ Domain allowed access. </param> <rolecap/> </interface> -<interface name="selinux_validate_context" lineno="529"> +<interface name="selinux_validate_context" lineno="566"> <summary> Allows caller to validate security contexts. </summary> @@ -71545,7 +71619,7 @@ Domain allowed access. </param> <rolecap/> </interface> -<interface name="selinux_dontaudit_validate_context" lineno="551"> +<interface name="selinux_dontaudit_validate_context" lineno="588"> <summary> Do not audit attempts to validate security contexts. </summary> @@ -71556,7 +71630,7 @@ Domain to not audit. </param> <rolecap/> </interface> -<interface name="selinux_compute_access_vector" lineno="572"> +<interface name="selinux_compute_access_vector" lineno="609"> <summary> Allows caller to compute an access vector. </summary> @@ -71567,7 +71641,7 @@ Domain allowed access. </param> <rolecap/> </interface> -<interface name="selinux_compute_create_context" lineno="595"> +<interface name="selinux_compute_create_context" lineno="632"> <summary> Calculate the default type for object creation. </summary> @@ -71578,7 +71652,7 @@ Domain allowed access. </param> <rolecap/> </interface> -<interface name="selinux_compute_member" lineno="617"> +<interface name="selinux_compute_member" lineno="654"> <summary> Allows caller to compute polyinstatntiated directory members. @@ -71589,7 +71663,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="selinux_compute_relabel_context" lineno="647"> +<interface name="selinux_compute_relabel_context" lineno="684"> <summary> Calculate the context for relabeling objects. </summary> @@ -71608,7 +71682,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="selinux_compute_user_contexts" lineno="668"> +<interface name="selinux_compute_user_contexts" lineno="705"> <summary> Allows caller to compute possible contexts for a user. </summary> @@ -71618,7 +71692,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="selinux_use_status_page" lineno="690"> +<interface name="selinux_use_status_page" lineno="727"> <summary> Allows the caller to use the SELinux status page. </summary> @@ -71629,7 +71703,7 @@ Domain allowed access. </param> <rolecap/> </interface> -<interface name="selinux_unconfined" lineno="710"> +<interface name="selinux_unconfined" lineno="747"> <summary> Unconfined access to the SELinux kernel security server. </summary> @@ -77965,7 +78039,18 @@ Domain allowed access. </summary> </param> </interface> -<interface name="container_read_config" lineno="1087"> +<interface name="container_search_config" lineno="1087"> +<summary> +Allow the specified domain to +search container config directories. +</summary> +<param name="domain"> +<summary> +Domain allowed access. +</summary> +</param> +</interface> +<interface name="container_read_config" lineno="1107"> <summary> Allow the specified domain to read container config files. @@ -77976,7 +78061,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="container_watch_config_dirs" lineno="1107"> +<interface name="container_watch_config_dirs" lineno="1127"> <summary> Allow the specified domain to watch container config directories. @@ -77987,7 +78072,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="container_create_config_files" lineno="1126"> +<interface name="container_create_config_files" lineno="1146"> <summary> Allow the specified domain to create container config files. @@ -77998,7 +78083,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="container_rw_config_files" lineno="1145"> +<interface name="container_rw_config_files" lineno="1165"> <summary> Allow the specified domain to read and write container config files. @@ -78009,7 +78094,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="container_manage_config_files" lineno="1164"> +<interface name="container_manage_config_files" lineno="1184"> <summary> Allow the specified domain to manage container config files. @@ -78020,7 +78105,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="container_file_root_filetrans" lineno="1185"> +<interface name="container_file_root_filetrans" lineno="1205"> <summary> Allow the specified domain to create container files in the @@ -78033,7 +78118,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="container_manage_dirs" lineno="1204"> +<interface name="container_manage_dirs" lineno="1224"> <summary> Allow the specified domain to manage container file directories. @@ -78044,7 +78129,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="container_watch_dirs" lineno="1223"> +<interface name="container_watch_dirs" lineno="1243"> <summary> Allow the specified domain to watch container file directories. @@ -78055,7 +78140,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="container_manage_files" lineno="1242"> +<interface name="container_manage_files" lineno="1262"> <summary> Allow the specified domain to manage container files. @@ -78066,7 +78151,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="container_dontaudit_relabel_dirs" lineno="1261"> +<interface name="container_dontaudit_relabel_dirs" lineno="1281"> <summary> Do not audit attempts to relabel container file directories. @@ -78077,7 +78162,7 @@ Domain to not audit. </summary> </param> </interface> -<interface name="container_dontaudit_relabel_files" lineno="1280"> +<interface name="container_dontaudit_relabel_files" lineno="1300"> <summary> Do not audit attempts to relabel container files. @@ -78088,7 +78173,7 @@ Domain to not audit. </summary> </param> </interface> -<interface name="container_manage_lnk_files" lineno="1299"> +<interface name="container_manage_lnk_files" lineno="1319"> <summary> Allow the specified domain to manage container lnk files. @@ -78099,7 +78184,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="container_rw_fifo_files" lineno="1318"> +<interface name="container_rw_fifo_files" lineno="1338"> <summary> Allow the specified domain to read and write container fifo files. @@ -78110,7 +78195,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="container_manage_fifo_files" lineno="1337"> +<interface name="container_manage_fifo_files" lineno="1357"> <summary> Allow the specified domain to manage container fifo files. @@ -78121,7 +78206,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="container_manage_sock_files" lineno="1356"> +<interface name="container_manage_sock_files" lineno="1376"> <summary> Allow the specified domain to manage container sock files. @@ -78132,7 +78217,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="container_rw_chr_files" lineno="1375"> +<interface name="container_rw_chr_files" lineno="1395"> <summary> Allow the specified domain to read and write container chr files. @@ -78143,7 +78228,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="container_dontaudit_rw_chr_files" lineno="1394"> +<interface name="container_dontaudit_rw_chr_files" lineno="1414"> <summary> Do not audit attempts to read and write container chr files. @@ -78154,7 +78239,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="container_manage_chr_files" lineno="1413"> +<interface name="container_manage_chr_files" lineno="1433"> <summary> Allow the specified domain to manage container chr files. @@ -78165,7 +78250,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="container_spec_filetrans_file" lineno="1449"> +<interface name="container_spec_filetrans_file" lineno="1469"> <summary> Allow the specified domain to create objects in specified directories with @@ -78193,7 +78278,7 @@ The name of the object being created. </summary> </param> </interface> -<interface name="container_list_ro_dirs" lineno="1469"> +<interface name="container_list_ro_dirs" lineno="1489"> <summary> Allow the specified domain to list the contents of read-only container @@ -78205,7 +78290,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="container_manage_home_config" lineno="1488"> +<interface name="container_manage_home_config" lineno="1508"> <summary> Allow the specified domain to manage container config home content. @@ -78216,7 +78301,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="container_config_home_filetrans" lineno="1520"> +<interface name="container_config_home_filetrans" lineno="1540"> <summary> Allow the specified domain to create objects in an xdg_config directory @@ -78239,7 +78324,7 @@ The name of the object being created. </summary> </param> </interface> -<interface name="container_manage_home_data_files" lineno="1540"> +<interface name="container_manage_home_data_files" lineno="1560"> <summary> Allow the specified domain to manage container data home files. @@ -78250,7 +78335,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="container_manage_home_data_fifo_files" lineno="1560"> +<interface name="container_manage_home_data_fifo_files" lineno="1580"> <summary> Allow the specified domain to manage container data home named @@ -78262,7 +78347,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="container_manage_home_data_sock_files" lineno="1580"> +<interface name="container_manage_home_data_sock_files" lineno="1600"> <summary> Allow the specified domain to manage container data home named @@ -78274,7 +78359,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="container_admin_all_files" lineno="1598"> +<interface name="container_admin_all_files" lineno="1618"> <summary> Administrate all container files. </summary> @@ -78284,7 +78369,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="container_admin_all_ro_files" lineno="1618"> +<interface name="container_admin_all_ro_files" lineno="1638"> <summary> Administrate all container read-only files. </summary> @@ -78294,7 +78379,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="container_admin_all_user_runtime_content" lineno="1640"> +<interface name="container_admin_all_user_runtime_content" lineno="1660"> <summary> All of the rules necessary for a user to manage user container runtime data @@ -78306,7 +78391,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="container_manage_all_home_content" lineno="1660"> +<interface name="container_manage_all_home_content" lineno="1680"> <summary> All of the rules necessary for a user to manage container data in their home @@ -78318,7 +78403,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="container_relabel_all_content" lineno="1704"> +<interface name="container_relabel_all_content" lineno="1724"> <summary> Allow the specified domain to relabel container files and @@ -78330,7 +78415,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="container_remount_fs" lineno="1723"> +<interface name="container_remount_fs" lineno="1743"> <summary> Allow the specified domain to remount container filesystems. @@ -78341,7 +78426,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="container_relabel_fs" lineno="1742"> +<interface name="container_relabel_fs" lineno="1762"> <summary> Allow the specified domain to relabel container filesystems. @@ -78352,7 +78437,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="container_getattr_fs" lineno="1762"> +<interface name="container_getattr_fs" lineno="1782"> <summary> Allow the specified domain to get the attributes of container @@ -78364,7 +78449,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="container_search_runtime" lineno="1781"> +<interface name="container_search_runtime" lineno="1801"> <summary> Allow the specified domain to search runtime container directories. @@ -78375,7 +78460,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="container_read_runtime_files" lineno="1801"> +<interface name="container_read_runtime_files" lineno="1821"> <summary> Allow the specified domain to read runtime container files. @@ -78386,7 +78471,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="container_getattr_runtime_sock_files" lineno="1822"> +<interface name="container_getattr_runtime_sock_files" lineno="1842"> <summary> Allow the specified domain to get the attributes runtime container of @@ -78398,7 +78483,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="container_manage_runtime_files" lineno="1841"> +<interface name="container_manage_runtime_files" lineno="1861"> <summary> Allow the specified domain to manage runtime container files. @@ -78409,7 +78494,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="container_manage_runtime_fifo_files" lineno="1860"> +<interface name="container_manage_runtime_fifo_files" lineno="1880"> <summary> Allow the specified domain to manage runtime container named pipes. @@ -78420,7 +78505,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="container_manage_runtime_lnk_files" lineno="1879"> +<interface name="container_manage_runtime_lnk_files" lineno="1899"> <summary> Allow the specified domain to manage runtime container symlinks. @@ -78431,7 +78516,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="container_manage_runtime_sock_files" lineno="1898"> +<interface name="container_manage_runtime_sock_files" lineno="1918"> <summary> Allow the specified domain to manage runtime container named sockets. @@ -78442,7 +78527,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="container_manage_user_runtime_files" lineno="1917"> +<interface name="container_manage_user_runtime_files" lineno="1937"> <summary> Allow the specified domain to manage user runtime container files. @@ -78453,7 +78538,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="container_rw_user_runtime_sock_files" lineno="1936"> +<interface name="container_rw_user_runtime_sock_files" lineno="1956"> <summary> Allow the specified domain to read and write user runtime container named sockets. @@ -78464,7 +78549,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="container_search_var_lib" lineno="1955"> +<interface name="container_search_var_lib" lineno="1975"> <summary> Allow the specified domain to search container directories in /var/lib. @@ -78475,7 +78560,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="container_list_var_lib" lineno="1976"> +<interface name="container_list_var_lib" lineno="1996"> <summary> Allow the specified domain to list the contents of container directories @@ -78487,7 +78572,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="container_manage_var_lib_dirs" lineno="1996"> +<interface name="container_manage_var_lib_dirs" lineno="2016"> <summary> Allow the specified domain to manage container file directories in /var/lib. @@ -78498,7 +78583,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="container_read_var_lib_files" lineno="2015"> +<interface name="container_read_var_lib_files" lineno="2035"> <summary> Allow the specified domain to read container files in /var/lib. @@ -78509,7 +78594,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="container_manage_var_lib_files" lineno="2034"> +<interface name="container_manage_var_lib_files" lineno="2054"> <summary> Allow the specified domain to manage container files in /var/lib. @@ -78520,7 +78605,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="container_map_var_lib_files" lineno="2053"> +<interface name="container_map_var_lib_files" lineno="2073"> <summary> Allow the specified domain to memory map container files in /var/lib. @@ -78531,7 +78616,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="container_manage_var_lib_fifo_files" lineno="2072"> +<interface name="container_manage_var_lib_fifo_files" lineno="2092"> <summary> Allow the specified domain to manage container named pipes in /var/lib. @@ -78542,7 +78627,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="container_manage_var_lib_lnk_files" lineno="2091"> +<interface name="container_manage_var_lib_lnk_files" lineno="2111"> <summary> Allow the specified domain to manage container symlinks in /var/lib. @@ -78553,7 +78638,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="container_manage_var_lib_sock_files" lineno="2110"> +<interface name="container_manage_var_lib_sock_files" lineno="2130"> <summary> Allow the specified domain to manage container named sockets in /var/lib. @@ -78564,7 +78649,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="container_var_lib_filetrans" lineno="2140"> +<interface name="container_var_lib_filetrans" lineno="2160"> <summary> Allow the specified domain to create objects in /var/lib with an automatic @@ -78586,7 +78671,7 @@ The name of the object being created. </summary> </param> </interface> -<interface name="container_var_lib_filetrans_file" lineno="2170"> +<interface name="container_var_lib_filetrans_file" lineno="2190"> <summary> Allow the specified domain to create objects in /var/lib with an automatic @@ -78608,7 +78693,7 @@ The name of the object being created. </summary> </param> </interface> -<interface name="container_filetrans_var_lib_file" lineno="2201"> +<interface name="container_filetrans_var_lib_file" lineno="2221"> <summary> Allow the specified domain to create objects in container /var/lib directories @@ -78631,7 +78716,7 @@ The name of the object being created. </summary> </param> </interface> -<interface name="container_unlabeled_var_lib_filetrans" lineno="2233"> +<interface name="container_unlabeled_var_lib_filetrans" lineno="2253"> <summary> Allow the specified domain to create objects in unlabeled directories with @@ -78654,7 +78739,7 @@ The name of the object being created. </summary> </param> </interface> -<interface name="container_search_logs" lineno="2254"> +<interface name="container_search_logs" lineno="2274"> <summary> Allow the specified domain to search container log file directories. @@ -78665,7 +78750,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="container_list_log_dirs" lineno="2274"> +<interface name="container_list_log_dirs" lineno="2294"> <summary> Allow the specified domain to list the contents of container log directories. @@ -78676,7 +78761,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="container_create_log_dirs" lineno="2293"> +<interface name="container_create_log_dirs" lineno="2313"> <summary> Allow the specified domain to create container log file directories. @@ -78687,7 +78772,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="container_manage_log_dirs" lineno="2312"> +<interface name="container_manage_log_dirs" lineno="2332"> <summary> Allow the specified domain to manage container log file directories. @@ -78698,7 +78783,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="container_watch_log_dirs" lineno="2331"> +<interface name="container_watch_log_dirs" lineno="2351"> <summary> Allow the specified domain to watch container log file directories. @@ -78709,7 +78794,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="container_create_log_files" lineno="2350"> +<interface name="container_create_log_files" lineno="2370"> <summary> Allow the specified domain to create container log files. @@ -78720,7 +78805,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="container_append_log_files" lineno="2369"> +<interface name="container_append_log_files" lineno="2389"> <summary> Allow the specified domain to append data to container log files. @@ -78731,7 +78816,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="container_manage_log_files" lineno="2388"> +<interface name="container_manage_log_files" lineno="2408"> <summary> Allow the specified domain to manage container log files. @@ -78742,7 +78827,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="container_watch_log_files" lineno="2407"> +<interface name="container_watch_log_files" lineno="2427"> <summary> Allow the specified domain to watch container log files. @@ -78753,7 +78838,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="container_log_filetrans" lineno="2438"> +<interface name="container_log_filetrans" lineno="2458"> <summary> Allow the specified domain to create objects in log directories with an @@ -78776,7 +78861,7 @@ The name of the object being created. </summary> </param> </interface> -<interface name="container_manage_log_symlinks" lineno="2458"> +<interface name="container_manage_log_symlinks" lineno="2478"> <summary> Allow the specified domain to manage container log symlinks. @@ -78787,7 +78872,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="container_start_units" lineno="2477"> +<interface name="container_start_units" lineno="2497"> <summary> Allow the specified domain to start systemd units for containers. @@ -78798,7 +78883,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="container_admin" lineno="2504"> +<interface name="container_admin" lineno="2524"> <summary> All of the rules required to administrate a container @@ -86526,7 +86611,17 @@ Domain prefix to be used. </summary> </param> </template> -<interface name="munin_stream_connect" lineno="55"> +<interface name="munin_rw_tcp_sockets" lineno="54"> +<summary> +Permit to read/write Munin TCP sockets +</summary> +<param name="domain"> +<summary> +Domain allowed access. +</summary> +</param> +</interface> +<interface name="munin_stream_connect" lineno="72"> <summary> Connect to munin over a unix domain stream socket. @@ -86537,7 +86632,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="munin_read_config" lineno="75"> +<interface name="munin_read_config" lineno="92"> <summary> Read munin configuration content. </summary> @@ -86548,7 +86643,7 @@ Domain allowed access. </param> <rolecap/> </interface> -<interface name="munin_append_log" lineno="97"> +<interface name="munin_append_log" lineno="114"> <summary> Append munin log files. </summary> @@ -86559,7 +86654,7 @@ Domain allowed access. </param> <rolecap/> </interface> -<interface name="munin_search_lib" lineno="117"> +<interface name="munin_search_lib" lineno="134"> <summary> Search munin library directories. </summary> @@ -86569,7 +86664,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="munin_dontaudit_search_lib" lineno="137"> +<interface name="munin_dontaudit_search_lib" lineno="154"> <summary> Do not audit attempts to search munin library directories. @@ -86580,7 +86675,7 @@ Domain to not audit. </summary> </param> </interface> -<interface name="munin_admin" lineno="162"> +<interface name="munin_admin" lineno="179"> <summary> All of the rules required to administrate an munin environment. @@ -98074,7 +98169,19 @@ Domain allowed access. </summary> </param> </interface> -<interface name="zfs_rw_zpool_cache" lineno="117"> +<interface name="zfs_filetrans_zpool_cache" lineno="119"> +<summary> +Create the zpool cache with an +automatic transition to the zpool +cache type. +</summary> +<param name="domain"> +<summary> +Domain allowed access. +</summary> +</param> +</interface> +<interface name="zfs_rw_zpool_cache" lineno="137"> <summary> Read and write zpool cache files. </summary> @@ -98084,7 +98191,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="zfs_admin" lineno="143"> +<interface name="zfs_admin" lineno="163"> <summary> All of the rules required to administrate a ZFS environment. @@ -105537,7 +105644,18 @@ Domain to not audit. </summary> </param> </interface> -<interface name="sysnet_dontaudit_rw_dhcpc_unix_stream_sockets" lineno="97"> +<interface name="sysnet_dontaudit_rw_dhcpc_dgram_sockets" lineno="97"> +<summary> +Do not audit attempts to read/write to the +dhcp unix datagram socket descriptors. +</summary> +<param name="domain"> +<summary> +Domain to not audit. +</summary> +</param> +</interface> +<interface name="sysnet_dontaudit_rw_dhcpc_unix_stream_sockets" lineno="116"> <summary> Do not audit attempts to read/write to the dhcp unix stream socket descriptors. @@ -105548,7 +105666,7 @@ Domain to not audit. </summary> </param> </interface> -<interface name="sysnet_sigchld_dhcpc" lineno="115"> +<interface name="sysnet_sigchld_dhcpc" lineno="134"> <summary> Send a SIGCHLD signal to the dhcp client. </summary> @@ -105558,7 +105676,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="sysnet_kill_dhcpc" lineno="134"> +<interface name="sysnet_kill_dhcpc" lineno="153"> <summary> Send a kill signal to the dhcp client. </summary> @@ -105569,7 +105687,7 @@ Domain allowed access. </param> <rolecap/> </interface> -<interface name="sysnet_sigstop_dhcpc" lineno="152"> +<interface name="sysnet_sigstop_dhcpc" lineno="171"> <summary> Send a SIGSTOP signal to the dhcp client. </summary> @@ -105579,7 +105697,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="sysnet_signull_dhcpc" lineno="170"> +<interface name="sysnet_signull_dhcpc" lineno="189"> <summary> Send a null signal to the dhcp client. </summary> @@ -105589,7 +105707,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="sysnet_signal_dhcpc" lineno="189"> +<interface name="sysnet_signal_dhcpc" lineno="208"> <summary> Send a generic signal to the dhcp client. </summary> @@ -105600,7 +105718,7 @@ Domain allowed access. </param> <rolecap/> </interface> -<interface name="sysnet_dbus_chat_dhcpc" lineno="208"> +<interface name="sysnet_dbus_chat_dhcpc" lineno="227"> <summary> Send and receive messages from dhcpc over dbus. @@ -105611,7 +105729,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="sysnet_rw_dhcp_config" lineno="228"> +<interface name="sysnet_rw_dhcp_config" lineno="247"> <summary> Read and write dhcp configuration files. </summary> @@ -105621,7 +105739,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="sysnet_search_dhcpc_state" lineno="248"> +<interface name="sysnet_search_dhcpc_state" lineno="267"> <summary> Search the DHCP client state directories. @@ -105632,7 +105750,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="sysnet_read_dhcpc_state" lineno="267"> +<interface name="sysnet_read_dhcpc_state" lineno="286"> <summary> Read dhcp client state files. </summary> @@ -105642,7 +105760,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="sysnet_delete_dhcpc_state" lineno="285"> +<interface name="sysnet_delete_dhcpc_state" lineno="304"> <summary> Delete the dhcp client state files. </summary> @@ -105652,7 +105770,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="sysnet_setattr_config" lineno="303"> +<interface name="sysnet_setattr_config" lineno="322"> <summary> Set the attributes of network config files. </summary> @@ -105662,7 +105780,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="sysnet_read_config" lineno="343"> +<interface name="sysnet_read_config" lineno="362"> <summary> Read network config files. </summary> @@ -105693,7 +105811,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="sysnet_mmap_config_files" lineno="386"> +<interface name="sysnet_mmap_config_files" lineno="405"> <summary> Map network config files. </summary> @@ -105709,7 +105827,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="sysnet_mmap_read_config" lineno="411"> +<interface name="sysnet_mmap_read_config" lineno="430"> <summary> map network config files. </summary> @@ -105725,7 +105843,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="sysnet_dontaudit_read_config" lineno="430"> +<interface name="sysnet_dontaudit_read_config" lineno="449"> <summary> Do not audit attempts to read network config files. </summary> @@ -105735,7 +105853,7 @@ Domain to not audit. </summary> </param> </interface> -<interface name="sysnet_write_config" lineno="448"> +<interface name="sysnet_write_config" lineno="467"> <summary> Write network config files. </summary> @@ -105745,7 +105863,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="sysnet_create_config" lineno="467"> +<interface name="sysnet_create_config" lineno="486"> <summary> Create network config files. </summary> @@ -105755,7 +105873,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="sysnet_relabel_config" lineno="486"> +<interface name="sysnet_relabel_config" lineno="505"> <summary> Relabel network config files. </summary> @@ -105765,7 +105883,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="sysnet_etc_filetrans_config" lineno="511"> +<interface name="sysnet_etc_filetrans_config" lineno="530"> <summary> Create files in /etc with the type used for the network config files. @@ -105781,7 +105899,7 @@ The name of the object being created. </summary> </param> </interface> -<interface name="sysnet_manage_config" lineno="529"> +<interface name="sysnet_manage_config" lineno="548"> <summary> Create, read, write, and delete network config files. </summary> @@ -105791,7 +105909,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="sysnet_read_dhcpc_runtime_files" lineno="561"> +<interface name="sysnet_read_dhcpc_runtime_files" lineno="580"> <summary> Read dhcp client runtime files. </summary> @@ -105801,7 +105919,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="sysnet_delete_dhcpc_runtime_files" lineno="580"> +<interface name="sysnet_delete_dhcpc_runtime_files" lineno="599"> <summary> Delete the dhcp client runtime files. </summary> @@ -105811,7 +105929,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="sysnet_manage_dhcpc_runtime_files" lineno="598"> +<interface name="sysnet_manage_dhcpc_runtime_files" lineno="617"> <summary> Create, read, write, and delete dhcp client runtime files. </summary> @@ -105821,7 +105939,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="sysnet_domtrans_ifconfig" lineno="616"> +<interface name="sysnet_domtrans_ifconfig" lineno="635"> <summary> Execute ifconfig in the ifconfig domain. </summary> @@ -105831,7 +105949,7 @@ Domain allowed to transition. </summary> </param> </interface> -<interface name="sysnet_run_ifconfig" lineno="643"> +<interface name="sysnet_run_ifconfig" lineno="662"> <summary> Execute ifconfig in the ifconfig domain, and allow the specified role the ifconfig domain, @@ -105849,7 +105967,7 @@ Role allowed access. </param> <rolecap/> </interface> -<interface name="sysnet_exec_ifconfig" lineno="663"> +<interface name="sysnet_exec_ifconfig" lineno="682"> <summary> Execute ifconfig in the caller domain. </summary> @@ -105859,7 +105977,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="sysnet_signal_ifconfig" lineno="683"> +<interface name="sysnet_signal_ifconfig" lineno="702"> <summary> Send a generic signal to ifconfig. </summary> @@ -105870,7 +105988,7 @@ Domain allowed access. </param> <rolecap/> </interface> -<interface name="sysnet_signull_ifconfig" lineno="702"> +<interface name="sysnet_signull_ifconfig" lineno="721"> <summary> Send null signals to ifconfig. </summary> @@ -105881,7 +105999,7 @@ Domain allowed access. </param> <rolecap/> </interface> -<interface name="sysnet_create_netns_dirs" lineno="721"> +<interface name="sysnet_create_netns_dirs" lineno="740"> <summary> Create the /run/netns directory with an automatic type transition. @@ -105892,7 +106010,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="sysnet_netns_filetrans" lineno="755"> +<interface name="sysnet_netns_filetrans" lineno="774"> <summary> Create an object in the /run/netns directory with a private type. @@ -105918,7 +106036,7 @@ The name of the object being created. </summary> </param> </interface> -<interface name="sysnet_read_dhcp_config" lineno="776"> +<interface name="sysnet_read_dhcp_config" lineno="795"> <summary> Read the DHCP configuration files. </summary> @@ -105928,7 +106046,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="sysnet_search_dhcp_state" lineno="796"> +<interface name="sysnet_search_dhcp_state" lineno="815"> <summary> Search the DHCP state data directory. </summary> @@ -105938,7 +106056,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="sysnet_dhcp_state_filetrans" lineno="840"> +<interface name="sysnet_dhcp_state_filetrans" lineno="859"> <summary> Create DHCP state data. </summary> @@ -105973,7 +106091,7 @@ The name of the object being created. </summary> </param> </interface> -<interface name="sysnet_dns_name_resolve" lineno="860"> +<interface name="sysnet_dns_name_resolve" lineno="879"> <summary> Perform a DNS name resolution. </summary> @@ -105984,7 +106102,7 @@ Domain allowed access. </param> <rolecap/> </interface> -<interface name="sysnet_use_ldap" lineno="911"> +<interface name="sysnet_use_ldap" lineno="930"> <summary> Connect and use a LDAP server. </summary> @@ -105994,7 +106112,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="sysnet_use_portmap" lineno="938"> +<interface name="sysnet_use_portmap" lineno="957"> <summary> Connect and use remote port mappers. </summary> @@ -106004,7 +106122,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="sysnet_dhcpc_script_entry" lineno="972"> +<interface name="sysnet_dhcpc_script_entry" lineno="991"> <summary> Make the specified program domain accessable from the DHCP hooks/scripts. @@ -106728,7 +106846,17 @@ Domain allowed access. </summary> </param> </interface> -<interface name="systemd_manage_userdb_runtime_sock_files" lineno="1415"> +<interface name="systemd_manage_userdb_runtime_symlinks" lineno="1415"> +<summary> +Manage symbolic links under /run/systemd/userdb. +</summary> +<param name="domain"> +<summary> +Domain allowed access. +</summary> +</param> +</interface> +<interface name="systemd_manage_userdb_runtime_sock_files" lineno="1433"> <summary> Manage socket files under /run/systemd/userdb . </summary> @@ -106738,7 +106866,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="systemd_stream_connect_userdb" lineno="1433"> +<interface name="systemd_stream_connect_userdb" lineno="1451"> <summary> Connect to /run/systemd/userdb/io.systemd.DynamicUser . </summary> @@ -106748,7 +106876,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="systemd_read_machines" lineno="1455"> +<interface name="systemd_read_machines" lineno="1473"> <summary> Allow reading /run/systemd/machines </summary> @@ -106758,7 +106886,7 @@ Domain that can access the machines files </summary> </param> </interface> -<interface name="systemd_watch_machines_dirs" lineno="1474"> +<interface name="systemd_watch_machines_dirs" lineno="1492"> <summary> Allow watching /run/systemd/machines </summary> @@ -106768,7 +106896,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="systemd_connect_machined" lineno="1492"> +<interface name="systemd_connect_machined" lineno="1510"> <summary> Allow connecting to /run/systemd/userdb/io.systemd.Machine socket </summary> @@ -106778,7 +106906,7 @@ Domain that can access the socket </summary> </param> </interface> -<interface name="systemd_dbus_chat_machined" lineno="1511"> +<interface name="systemd_dbus_chat_machined" lineno="1529"> <summary> Send and receive messages from systemd machined over dbus. @@ -106789,7 +106917,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="systemd_dbus_chat_hostnamed" lineno="1532"> +<interface name="systemd_dbus_chat_hostnamed" lineno="1550"> <summary> Send and receive messages from systemd hostnamed over dbus. @@ -106800,7 +106928,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="systemd_use_passwd_agent_fds" lineno="1552"> +<interface name="systemd_use_passwd_agent_fds" lineno="1570"> <summary> allow systemd_passwd_agent to inherit fds </summary> @@ -106810,7 +106938,7 @@ Domain that owns the fds </summary> </param> </interface> -<interface name="systemd_run_passwd_agent" lineno="1575"> +<interface name="systemd_run_passwd_agent" lineno="1593"> <summary> allow systemd_passwd_agent to be run by admin </summary> @@ -106825,7 +106953,7 @@ role that it runs in </summary> </param> </interface> -<interface name="systemd_use_passwd_agent" lineno="1596"> +<interface name="systemd_use_passwd_agent" lineno="1614"> <summary> Allow a systemd_passwd_agent_t process to interact with a daemon that needs a password from the sysadmin. @@ -106836,7 +106964,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="systemd_filetrans_passwd_runtime_dirs" lineno="1620"> +<interface name="systemd_filetrans_passwd_runtime_dirs" lineno="1638"> <summary> Transition to systemd_passwd_runtime_t when creating dirs </summary> @@ -106846,7 +106974,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="systemd_filetrans_userdb_runtime_dirs" lineno="1641"> +<interface name="systemd_filetrans_userdb_runtime_dirs" lineno="1659"> <summary> Transition to systemd_userdbd_runtime_t when creating the userdb directory inside an init runtime @@ -106858,7 +106986,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="systemd_manage_passwd_runtime_symlinks" lineno="1659"> +<interface name="systemd_manage_passwd_runtime_symlinks" lineno="1677"> <summary> Allow to domain to create systemd-passwd symlink </summary> @@ -106868,7 +106996,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="systemd_watch_passwd_runtime_dirs" lineno="1677"> +<interface name="systemd_watch_passwd_runtime_dirs" lineno="1695"> <summary> Allow a domain to watch systemd-passwd runtime dirs. </summary> @@ -106878,7 +107006,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="systemd_list_journal_dirs" lineno="1695"> +<interface name="systemd_list_journal_dirs" lineno="1713"> <summary> Allow domain to list the contents of systemd_journal_t dirs </summary> @@ -106888,7 +107016,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="systemd_read_journal_files" lineno="1713"> +<interface name="systemd_read_journal_files" lineno="1731"> <summary> Allow domain to read systemd_journal_t files </summary> @@ -106898,7 +107026,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="systemd_manage_journal_files" lineno="1732"> +<interface name="systemd_manage_journal_files" lineno="1750"> <summary> Allow domain to create/manage systemd_journal_t files </summary> @@ -106908,7 +107036,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="systemd_watch_journal_dirs" lineno="1752"> +<interface name="systemd_watch_journal_dirs" lineno="1770"> <summary> Allow domain to add a watch on systemd_journal_t directories </summary> @@ -106918,7 +107046,17 @@ Domain allowed access. </summary> </param> </interface> -<interface name="systemd_relabelto_journal_dirs" lineno="1770"> +<interface name="systemd_relabelfrom_journal_files" lineno="1788"> +<summary> +Relabel from systemd-journald file type. +</summary> +<param name="domain"> +<summary> +Domain allowed access. +</summary> +</param> +</interface> +<interface name="systemd_relabelto_journal_dirs" lineno="1806"> <summary> Relabel to systemd-journald directory type. </summary> @@ -106928,7 +107066,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="systemd_relabelto_journal_files" lineno="1789"> +<interface name="systemd_relabelto_journal_files" lineno="1825"> <summary> Relabel to systemd-journald file type. </summary> @@ -106938,7 +107076,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="systemd_read_networkd_units" lineno="1809"> +<interface name="systemd_read_networkd_units" lineno="1845"> <summary> Allow domain to read systemd_networkd_t unit files </summary> @@ -106948,7 +107086,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="systemd_manage_networkd_units" lineno="1829"> +<interface name="systemd_manage_networkd_units" lineno="1865"> <summary> Allow domain to create/manage systemd_networkd_t unit files </summary> @@ -106958,7 +107096,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="systemd_enabledisable_networkd" lineno="1849"> +<interface name="systemd_enabledisable_networkd" lineno="1885"> <summary> Allow specified domain to enable systemd-networkd units </summary> @@ -106968,7 +107106,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="systemd_startstop_networkd" lineno="1868"> +<interface name="systemd_startstop_networkd" lineno="1904"> <summary> Allow specified domain to start systemd-networkd units </summary> @@ -106978,7 +107116,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="systemd_dbus_chat_networkd" lineno="1888"> +<interface name="systemd_dbus_chat_networkd" lineno="1924"> <summary> Send and receive messages from systemd networkd over dbus. @@ -106989,7 +107127,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="systemd_status_networkd" lineno="1908"> +<interface name="systemd_status_networkd" lineno="1944"> <summary> Allow specified domain to get status of systemd-networkd </summary> @@ -106999,7 +107137,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="systemd_relabelfrom_networkd_tun_sockets" lineno="1927"> +<interface name="systemd_relabelfrom_networkd_tun_sockets" lineno="1963"> <summary> Relabel systemd_networkd tun socket. </summary> @@ -107009,7 +107147,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="systemd_rw_networkd_netlink_route_sockets" lineno="1945"> +<interface name="systemd_rw_networkd_netlink_route_sockets" lineno="1981"> <summary> Read/Write from systemd_networkd netlink route socket. </summary> @@ -107019,7 +107157,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="systemd_list_networkd_runtime" lineno="1963"> +<interface name="systemd_list_networkd_runtime" lineno="1999"> <summary> Allow domain to list dirs under /run/systemd/netif </summary> @@ -107029,7 +107167,7 @@ domain permitted the access </summary> </param> </interface> -<interface name="systemd_watch_networkd_runtime_dirs" lineno="1982"> +<interface name="systemd_watch_networkd_runtime_dirs" lineno="2018"> <summary> Watch directories under /run/systemd/netif </summary> @@ -107039,7 +107177,7 @@ Domain permitted the access </summary> </param> </interface> -<interface name="systemd_read_networkd_runtime" lineno="2001"> +<interface name="systemd_read_networkd_runtime" lineno="2037"> <summary> Allow domain to read files generated by systemd_networkd </summary> @@ -107049,7 +107187,7 @@ domain allowed access </summary> </param> </interface> -<interface name="systemd_read_logind_state" lineno="2020"> +<interface name="systemd_read_logind_state" lineno="2056"> <summary> Allow systemd_logind_t to read process state for cgroup file </summary> @@ -107059,7 +107197,7 @@ Domain systemd_logind_t may access. </summary> </param> </interface> -<interface name="systemd_create_logind_linger_dir" lineno="2041"> +<interface name="systemd_create_logind_linger_dir" lineno="2077"> <summary> Allow the specified domain to create the systemd-logind linger directory with @@ -107071,7 +107209,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="systemd_start_user_manager_units" lineno="2061"> +<interface name="systemd_start_user_manager_units" lineno="2097"> <summary> Allow the specified domain to start systemd user manager units (systemd --user). @@ -107082,7 +107220,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="systemd_stop_user_manager_units" lineno="2081"> +<interface name="systemd_stop_user_manager_units" lineno="2117"> <summary> Allow the specified domain to stop systemd user manager units (systemd --user). @@ -107093,7 +107231,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="systemd_reload_user_manager_units" lineno="2101"> +<interface name="systemd_reload_user_manager_units" lineno="2137"> <summary> Allow the specified domain to reload systemd user manager units (systemd --user). @@ -107104,7 +107242,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="systemd_get_user_manager_units_status" lineno="2121"> +<interface name="systemd_get_user_manager_units_status" lineno="2157"> <summary> Get the status of systemd user manager units (systemd --user). @@ -107115,7 +107253,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="systemd_start_power_units" lineno="2140"> +<interface name="systemd_start_power_units" lineno="2176"> <summary> Allow specified domain to start power units </summary> @@ -107125,7 +107263,7 @@ Domain to not audit. </summary> </param> </interface> -<interface name="systemd_status_power_units" lineno="2159"> +<interface name="systemd_status_power_units" lineno="2195"> <summary> Get the system status information about power units </summary> @@ -107135,7 +107273,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="systemd_stream_connect_socket_proxyd" lineno="2178"> +<interface name="systemd_stream_connect_socket_proxyd" lineno="2214"> <summary> Allows connections to the systemd-socket-proxyd's socket. </summary> @@ -107145,7 +107283,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="systemd_tmpfiles_conf_file" lineno="2197"> +<interface name="systemd_tmpfiles_conf_file" lineno="2233"> <summary> Make the specified type usable for systemd tmpfiles config files. @@ -107156,7 +107294,7 @@ Type to be used for systemd tmpfiles config files. </summary> </param> </interface> -<interface name="systemd_tmpfiles_creator" lineno="2218"> +<interface name="systemd_tmpfiles_creator" lineno="2254"> <summary> Allow the specified domain to create the tmpfiles config directory with @@ -107168,7 +107306,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="systemd_tmpfiles_conf_filetrans" lineno="2254"> +<interface name="systemd_tmpfiles_conf_filetrans" lineno="2290"> <summary> Create an object in the systemd tmpfiles config directory, with a private type @@ -107195,7 +107333,7 @@ The name of the object being created. </summary> </param> </interface> -<interface name="systemd_list_tmpfiles_conf" lineno="2273"> +<interface name="systemd_list_tmpfiles_conf" lineno="2309"> <summary> Allow domain to list systemd tmpfiles config directory </summary> @@ -107205,7 +107343,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="systemd_relabelto_tmpfiles_conf_dirs" lineno="2291"> +<interface name="systemd_relabelto_tmpfiles_conf_dirs" lineno="2327"> <summary> Allow domain to relabel to systemd tmpfiles config directory </summary> @@ -107215,7 +107353,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="systemd_relabelto_tmpfiles_conf_files" lineno="2309"> +<interface name="systemd_relabelto_tmpfiles_conf_files" lineno="2345"> <summary> Allow domain to relabel to systemd tmpfiles config files </summary> @@ -107225,7 +107363,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="systemd_tmpfilesd_managed" lineno="2327"> +<interface name="systemd_tmpfilesd_managed" lineno="2363"> <summary> Allow systemd_tmpfiles_t to manage filesystem objects </summary> @@ -107235,7 +107373,7 @@ Type of object to manage </summary> </param> </interface> -<interface name="systemd_stream_connect_resolved" lineno="2354"> +<interface name="systemd_stream_connect_resolved" lineno="2390"> <summary> Connect to systemd resolved over /run/systemd/resolve/io.systemd.Resolve . @@ -107246,7 +107384,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="systemd_dbus_chat_resolved" lineno="2375"> +<interface name="systemd_dbus_chat_resolved" lineno="2411"> <summary> Send and receive messages from systemd resolved over dbus. @@ -107257,7 +107395,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="systemd_read_resolved_runtime" lineno="2395"> +<interface name="systemd_read_resolved_runtime" lineno="2431"> <summary> Allow domain to read resolv.conf file generated by systemd_resolved </summary> @@ -107267,7 +107405,7 @@ domain allowed access </summary> </param> </interface> -<interface name="systemd_exec_systemctl" lineno="2417"> +<interface name="systemd_exec_systemctl" lineno="2453"> <summary> Execute the systemctl program. </summary> @@ -107277,7 +107415,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="systemd_getattr_updated_runtime" lineno="2448"> +<interface name="systemd_getattr_updated_runtime" lineno="2484"> <summary> Allow domain to getattr on .updated file (generated by systemd-update-done </summary> @@ -107287,7 +107425,7 @@ domain allowed access </summary> </param> </interface> -<interface name="systemd_search_all_user_keys" lineno="2466"> +<interface name="systemd_search_all_user_keys" lineno="2502"> <summary> Search keys for the all systemd --user domains. </summary> @@ -107297,7 +107435,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="systemd_create_all_user_keys" lineno="2484"> +<interface name="systemd_create_all_user_keys" lineno="2520"> <summary> Create keys for the all systemd --user domains. </summary> @@ -107307,7 +107445,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="systemd_write_all_user_keys" lineno="2502"> +<interface name="systemd_write_all_user_keys" lineno="2538"> <summary> Write keys for the all systemd --user domains. </summary> @@ -107317,7 +107455,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="systemd_domtrans_sysusers" lineno="2521"> +<interface name="systemd_domtrans_sysusers" lineno="2557"> <summary> Execute systemd-sysusers in the systemd sysusers domain. @@ -107328,7 +107466,7 @@ Domain allowed access. </summary> </param> </interface> -<interface name="systemd_run_sysusers" lineno="2546"> +<interface name="systemd_run_sysusers" lineno="2582"> <summary> Run systemd-sysusers with a domain transition. </summary> @@ -107344,7 +107482,7 @@ Role allowed access. </param> <rolecap/> </interface> -<interface name="systemd_use_inherited_machined_ptys" lineno="2566"> +<interface name="systemd_use_inherited_machined_ptys" lineno="2602"> <summary> receive and use a systemd_machined_devpts_t file handle </summary> |