General system administration role
false
Allow sysadm to debug or ptrace all processes.
true
Grant the sysadm domains manage access non security files
true
Allow sysadm to read /var/log file.
true
Allow sysadm to write etc file.
Execute a generic bin program in the sysadm domain.
Parameter: | Description: |
---|---|
domain |
Domain allowed access. |
Allow sysadm to execute a generic bin program in a specified domain. This is an explicit transition, requiring the caller to use setexeccon().
Allow sysadm to execute a generic bin program in a specified domain.
This is a interface to support third party modules and its use is not allowed in upstream reference policy.
Parameter: | Description: |
---|---|
domain |
Domain to execute in. |
sysadm send dbus msg.
Parameter: | Description: |
---|---|
domain |
Domain allowed access. |
Allow sysadm transition to confined domain.
Parameter: | Description: |
---|---|
domain |
Type to be used as a domain. |
entry_point |
Type of the program to be used as an entry point to this domain. |
Execute all entrypoint files in the sysadm domain. This is an explicit transition, requiring the caller to use setexeccon().
Parameter: | Description: |
---|---|
domain |
Domain allowed access. |
Allow sysadm to execute all entrypoint files in a specified domain. This is an explicit transition, requiring the caller to use setexeccon().
Allow sysadm to execute all entrypoint files in a specified domain. This is an explicit transition, requiring the caller to use setexeccon().
This is a interface to support third party modules and its use is not allowed in upstream reference policy.
Parameter: | Description: |
---|---|
domain |
Domain allowed access. |
Change to the system administrator role.
Parameter: | Description: |
---|---|
role |
Role allowed access. |
Change from the system administrator role.
Change from the system administrator role to the specified role.
This is an interface to support third party modules and its use is not allowed in upstream reference policy.
Parameter: | Description: |
---|---|
role |
Role allowed access. |
Read and write sysadm user unnamed pipes.
Parameter: | Description: |
---|---|
domain |
Domain allowed access. |
allow sysadm set attr.
Parameter: | Description: |
---|---|
domain |
Domain allowed access. |
Execute a shell in the sysadm domain.
Parameter: | Description: |
---|---|
domain |
Domain allowed access. |
Send a SIGCHLD signal to sysadm users.
Parameter: | Description: |
---|---|
domain |
Domain allowed access. |
Inherit and use sysadm file descriptors
Parameter: | Description: |
---|---|
domain |
Domain allowed access. |