Layer: roles

Module: sysadm


Description:

General system administration role


Tunables:

allow_ptrace
Default value

false

Description

Allow sysadm to debug or ptrace all processes.

allow_sysadm_manage_non_security_file
Default value

true

Description

Grant the sysadm domains manage access to non-security files.

allow_sysadm_read_var_log
Default value

true

Description

Allow sysadm to read /var/log files.

allow_sysadm_write_etc
Default value

true

Description

Allow sysadm to write etc files.


Interfaces:

sysadm_bin_spec_domtrans( domain )
Summary

Execute a generic bin program in the sysadm domain.

Parameters
Parameter:Description:
domain

Domain allowed access.

sysadm_bin_spec_domtrans_to( domain )
Summary

Allow sysadm to execute a generic bin program in a specified domain. This is an explicit transition, requiring the caller to use setexeccon().

Description

Allow sysadm to execute a generic bin program in a specified domain.

This is an interface to support third party modules and its use is not allowed in upstream reference policy.

Parameters
Parameter:Description:
domain

Domain to execute in.

sysadm_dbus_chat( domain )
Summary

Allow sysadm to send D-Bus messages.

Parameters
Parameter:Description:
domain

Domain allowed access.

sysadm_domtrans_to( domain , entry_point )
Summary

Allow sysadm to transition to a confined domain.

Parameters
Parameter:Description:
domain

Type to be used as a domain.

entry_point

Type of the program to be used as an entry point to this domain.

sysadm_entry_spec_domtrans( domain )
Summary

Execute all entrypoint files in the sysadm domain. This is an explicit transition, requiring the caller to use setexeccon().

Parameters
Parameter:Description:
domain

Domain allowed access.

sysadm_entry_spec_domtrans_to( domain )
Summary

Allow sysadm to execute all entrypoint files in a specified domain. This is an explicit transition, requiring the caller to use setexeccon().

Description

Allow sysadm to execute all entrypoint files in a specified domain. This is an explicit transition, requiring the caller to use setexeccon().

This is an interface to support third party modules and its use is not allowed in upstream reference policy.

Parameters
Parameter:Description:
domain

Domain allowed access.

sysadm_role_change( role )
Summary

Change to the system administrator role.

Parameters
Parameter:Description:
role

Role allowed access.

sysadm_role_change_to( role )
Summary

Change from the system administrator role.

Description

Change from the system administrator role to the specified role.

This is an interface to support third party modules and its use is not allowed in upstream reference policy.

Parameters
Parameter:Description:
role

Role allowed access.

sysadm_rw_pipes( domain )
Summary

Read and write sysadm user unnamed pipes.

Parameters
Parameter:Description:
domain

Domain allowed access.

sysadm_set_file_attr( domain )
Summary

Allow sysadm to set file attributes.

Parameters
Parameter:Description:
domain

Domain allowed access.

sysadm_shell_domtrans( domain )
Summary

Execute a shell in the sysadm domain.

Parameters
Parameter:Description:
domain

Domain allowed access.

sysadm_sigchld( domain )
Summary

Send a SIGCHLD signal to sysadm users.

Parameters
Parameter:Description:
domain

Domain allowed access.

sysadm_use_fds( domain )
Summary

Inherit and use sysadm file descriptors.

Parameters
Parameter:Description:
domain

Domain allowed access.
