X Windows Server
false
Allows clients to write to the X server shared memory segments.
false
Allow xdm logins as sysadm
false
Support X userspace object manager
Create a named socket in a XDM temporary directory.
Parameter: | Description: |
---|---|
domain |
Domain allowed access. |
Do not audit attempts to write the X server log files.
Parameter: | Description: |
---|---|
domain |
Domain to not audit |
Execute the X server in the XDM X server domain.
Parameter: | Description: |
---|---|
domain |
Domain allowed access. |
dontaudit getattr xdm temporary named sockets.
Parameter: | Description: |
---|---|
domain |
Domain to not audit |
Do not audit attempts to read xdm temporary files.
Parameter: | Description: |
---|---|
domain |
Domain to not audit |
Do not audit attempts to read and write XDM unnamed pipes.
Parameter: | Description: |
---|---|
domain |
Domain to not audit. |
Do not audit attempts to read and write xdm_xserver unix domain stream sockets.
Parameter: | Description: |
---|---|
domain |
Domain allowed access. |
Do not audit attempts to read and write to a XDM X server socket.
Parameter: | Description: |
---|---|
domain |
Domain to not audit |
Do not audit attempts to inherit XDM file descriptors.
Parameter: | Description: |
---|---|
domain |
Domain to not audit. |
Do not audit attempts to write the X server log files.
Parameter: | Description: |
---|---|
domain |
Domain to not audit |
Get the attributes of X server logs.
Parameter: | Description: |
---|---|
domain |
Domain allowed access. |
Kill XDM X servers
Parameter: | Description: |
---|---|
domain |
Domain to not audit |
Create, read, write, and delete xdm temporary files.
Parameter: | Description: |
---|---|
domain |
Domain to not audit |
Read all users .Xauthority.
Parameter: | Description: |
---|---|
domain |
Domain allowed access. |
Read XDM var lib files.
Parameter: | Description: |
---|---|
domain |
Domain allowed access. |
Read XDM pid files.
Parameter: | Description: |
---|---|
domain |
Domain allowed access. |
Read xdm-writable configuration files.
Parameter: | Description: |
---|---|
domain |
Domain allowed access. |
Read xdm temporary files.
Parameter: | Description: |
---|---|
domain |
Domain to not audit |
Read xdm temporary files.
Parameter: | Description: |
---|---|
domain |
Domain to not audit |
Read X keyboard extension libraries.
Parameter: | Description: |
---|---|
domain |
Domain to not audit |
Read and write the X windows console named pipe.
Parameter: | Description: |
---|---|
domain |
Domain allowed access. |
Read and write XDM unnamed pipes.
Parameter: | Description: |
---|---|
domain |
Domain allowed access. |
Read write xdm temporary files.
Parameter: | Description: |
---|---|
domain |
Domain to not audit |
Set the attributes of the X windows console named pipes.
Parameter: | Description: |
---|---|
domain |
Domain allowed access. |
Set the attributes of XDM temporary directories.
Parameter: | Description: |
---|---|
domain |
Domain allowed access. |
Signal XDM X servers
Parameter: | Description: |
---|---|
domain |
Domain to not audit |
Connect to XDM over a unix domain stream socket.
Parameter: | Description: |
---|---|
domain |
Domain allowed access. |
Connect to xdm_xserver over a unix domain stream socket.
Parameter: | Description: |
---|---|
domain |
Domain allowed access. |
Interface to provide X object permissions on a given X server to an X client domain. Gives the domain complete control over the display.
Parameter: | Description: |
---|---|
domain |
Domain allowed access. |
Read all users fonts, user font configurations, and manage all users font caches.
Parameter: | Description: |
---|---|
domain |
Domain allowed access. |
Use file descriptors for xdm.
Parameter: | Description: |
---|---|
domain |
Domain allowed access. |
Make an X session script an entrypoint for the specified domain.
Parameter: | Description: |
---|---|
domain |
The domain for which the shell is an entrypoint. |
Execute an X session in the target domain. This is an explicit transition, requiring the caller to use setexeccon().
Execute an Xsession in the target domain. This is an explicit transition, requiring the caller to use setexeccon().
No interprocess communication (signals, pipes, etc.) is provided by this interface since the domains are not owned by this module.
Parameter: | Description: |
---|---|
domain |
Domain allowed access. |
target_domain |
The type of the shell process. |
Template to create types and rules common to all X server domains.
Parameter: | Description: |
---|---|
prefix |
The prefix of the domain (e.g., user is the prefix for user_t). |
Interface to provide X object permissions on a given X server to an X client domain. Provides the minimal set required by a basic X client application.
Parameter: | Description: |
---|---|
user |
The prefix of the X server domain (e.g., user is the prefix for user_t). |
prefix |
The prefix of the X client domain (e.g., user is the prefix for user_t). |
domain |
Client domain allowed access. |
Transition to a user Xauthority domain.
Transition to a user Xauthority domain.
This is a templated interface, and should only be called from a per-userdomain template.
Parameter: | Description: |
---|---|
userdomain_prefix |
The prefix of the user domain (e.g., user is the prefix for user_t). |
domain |
Domain allowed access. |
The per role template for the xserver module.
Define a derived domain for the X server when executed by a user domain (e.g. via startx). See the xdm module if using an X Display Manager.
This is invoked automatically for each user and generally does not need to be invoked directly by policy writers.
Parameter: | Description: |
---|---|
prefix |
The prefix of the user domain (e.g., user is the prefix for user_t). |
user_domain |
The type of the user domain. |
user_role |
The role associated with the user domain. |
Template for creating sessions on a prefix X server, with read-only access to the X server shared memory segments.
Parameter: | Description: |
---|---|
prefix |
The prefix of the domain (e.g., user is the prefix for user_t). |
domain |
Domain allowed access. |
tmpfs_type |
The type of the domain SYSV tmpfs files. |
Template for creating sessions on a prefix X server, with read and write access to the X server shared memory segments.
Parameter: | Description: |
---|---|
prefix |
The prefix of the domain (e.g., user is the prefix for user_t). |
domain |
Domain allowed access. |
tmpfs_type |
The type of the domain SYSV tmpfs files. |
Read user fonts, user font configuration, and manage the user font cache.
Read user fonts, user font configuration, and manage the user font cache.
This is a templated interface, and should only be called from a per-userdomain template.
Parameter: | Description: |
---|---|
userdomain_prefix |
The prefix of the user domain (e.g., user is the prefix for user_t). |
domain |
Domain allowed access. |
Template for creating full client sessions on a user X server.
Parameter: | Description: |
---|---|
prefix |
The prefix of the domain (e.g., user is the prefix for user_t). |
domain |
Domain allowed access. |
tmpfs_type |
The type of the domain SYSV tmpfs files. |
Transition to a user Xauthority domain.
Transition to a user Xauthority domain.
This is a templated interface, and should only be called from a per-userdomain template.
Parameter: | Description: |
---|---|
userdomain_prefix |
The prefix of the user domain (e.g., user is the prefix for user_t). |
domain |
Domain allowed access. |
Interface to provide X object permissions on a given X server to an X client domain. Provides the minimal set required by a basic X client application.
Parameter: | Description: |
---|---|
user |
The prefix of the X server domain (e.g., user is the prefix for user_t). |
prefix |
The prefix of the X client domain (e.g., user is the prefix for user_t). |
domain |
Client domain allowed access. |
tmpfs_type |
The type of the domain SYSV tmpfs files. |