File: //usr/share/doc/selinux-policy/html/roles_sysadm.html
<html>
<head>
<title>
Security Enhanced Linux Reference Policy
</title>
<style type="text/css" media="all">@import "style.css";</style>
</head>
<body>
<div id="Header">Security Enhanced Linux Reference Policy</div>
<div id='Menu'>
<a href="admin.html">+
admin</a></br/>
<div id='subitem'>
</div>
<a href="apps.html">+
apps</a></br/>
<div id='subitem'>
</div>
<a href="contrib.html">+
contrib</a></br/>
<div id='subitem'>
</div>
<a href="kernel.html">+
kernel</a></br/>
<div id='subitem'>
</div>
<a href="roles.html">+
roles</a></br/>
<div id='subitem'>
- <a href='roles_auditadm.html'>
auditadm</a><br/>
- <a href='roles_logadm.html'>
logadm</a><br/>
- <a href='roles_secadm.html'>
secadm</a><br/>
- <a href='roles_staff.html'>
staff</a><br/>
- <a href='roles_sysadm.html'>
sysadm</a><br/>
- <a href='roles_sysadm_secadm.html'>
sysadm_secadm</a><br/>
- <a href='roles_unconfineduser.html'>
unconfineduser</a><br/>
- <a href='roles_unprivuser.html'>
unprivuser</a><br/>
</div>
<a href="services.html">+
services</a></br/>
<div id='subitem'>
</div>
<a href="system.html">+
system</a></br/>
<div id='subitem'>
</div>
<br/><p/>
<a href="global_booleans.html">* Global Booleans </a>
<br/><p/>
<a href="global_tunables.html">* Global Tunables </a>
<p/><br/><p/>
<a href="index.html">* Layer Index</a>
<br/><p/>
<a href="booleans.html">* Boolean Index</a>
<br/><p/>
<a href="tunables.html">* Tunable Index</a>
<br/><p/>
<a href="interfaces.html">* Interface Index</a>
<br/><p/>
<a href="templates.html">* Template Index</a>
</div>
<div id="Content">
<a name="top":></a>
<h1>Layer: roles</h1><p/>
<h2>Module: sysadm</h2><p/>
<a href=#interfaces>Interfaces</a>
<h3>Description:</h3>
<p><p>General system administration role</p></p>
<hr>
<a name="interfaces"></a>
<h3>Interfaces: </h3>
<a name="link_sysadm_bin_spec_domtrans"></a>
<div id="interface">
<div id="codeblock">
<b>sysadm_bin_spec_domtrans</b>(
domain
)<br>
</div>
<div id="description">
<h5>Summary</h5>
<p>
Execute a generic bin program in the sysadm domain.
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="65%">
<tr><th >Parameter:</th><th >Description:</th></tr>
<tr><td>
domain
</td><td>
<p>
Domain allowed access.
</p>
</td></tr>
</table>
</div>
</div>
<a name="link_sysadm_bin_spec_domtrans_to"></a>
<div id="interface">
<div id="codeblock">
<b>sysadm_bin_spec_domtrans_to</b>(
domain
)<br>
</div>
<div id="description">
<h5>Summary</h5>
<p>
Allow sysadm to execute a generic bin program in
a specified domain. This is an explicit transition,
requiring the caller to use setexeccon().
</p>
<h5>Description</h5>
<p>
</p><p>
Allow sysadm to execute a generic bin program in
a specified domain.
</p><p>
</p><p>
This is a interface to support third party modules
and its use is not allowed in upstream reference
policy.
</p><p>
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="65%">
<tr><th >Parameter:</th><th >Description:</th></tr>
<tr><td>
domain
</td><td>
<p>
Domain to execute in.
</p>
</td></tr>
</table>
</div>
</div>
<a name="link_sysadm_entry_spec_domtrans"></a>
<div id="interface">
<div id="codeblock">
<b>sysadm_entry_spec_domtrans</b>(
domain
)<br>
</div>
<div id="description">
<h5>Summary</h5>
<p>
Execute all entrypoint files in the sysadm domain. This
is an explicit transition, requiring the
caller to use setexeccon().
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="65%">
<tr><th >Parameter:</th><th >Description:</th></tr>
<tr><td>
domain
</td><td>
<p>
Domain allowed access.
</p>
</td></tr>
</table>
</div>
</div>
<a name="link_sysadm_entry_spec_domtrans_to"></a>
<div id="interface">
<div id="codeblock">
<b>sysadm_entry_spec_domtrans_to</b>(
domain
)<br>
</div>
<div id="description">
<h5>Summary</h5>
<p>
Allow sysadm to execute all entrypoint files in
a specified domain. This is an explicit transition,
requiring the caller to use setexeccon().
</p>
<h5>Description</h5>
<p>
</p><p>
Allow sysadm to execute all entrypoint files in
a specified domain. This is an explicit transition,
requiring the caller to use setexeccon().
</p><p>
</p><p>
This is a interface to support third party modules
and its use is not allowed in upstream reference
policy.
</p><p>
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="65%">
<tr><th >Parameter:</th><th >Description:</th></tr>
<tr><td>
domain
</td><td>
<p>
Domain allowed access.
</p>
</td></tr>
</table>
</div>
</div>
<a name="link_sysadm_role_change"></a>
<div id="interface">
<div id="codeblock">
<b>sysadm_role_change</b>(
role
)<br>
</div>
<div id="description">
<h5>Summary</h5>
<p>
Change to the system administrator role.
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="65%">
<tr><th >Parameter:</th><th >Description:</th></tr>
<tr><td>
role
</td><td>
<p>
Role allowed access.
</p>
</td></tr>
</table>
</div>
</div>
<a name="link_sysadm_role_change_to"></a>
<div id="interface">
<div id="codeblock">
<b>sysadm_role_change_to</b>(
role
)<br>
</div>
<div id="description">
<h5>Summary</h5>
<p>
Change from the system administrator role.
</p>
<h5>Description</h5>
<p>
</p><p>
Change from the system administrator role to
the specified role.
</p><p>
</p><p>
This is an interface to support third party modules
and its use is not allowed in upstream reference
policy.
</p><p>
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="65%">
<tr><th >Parameter:</th><th >Description:</th></tr>
<tr><td>
role
</td><td>
<p>
Role allowed access.
</p>
</td></tr>
</table>
</div>
</div>
<a name="link_sysadm_rw_pipes"></a>
<div id="interface">
<div id="codeblock">
<b>sysadm_rw_pipes</b>(
domain
)<br>
</div>
<div id="description">
<h5>Summary</h5>
<p>
Read and write sysadm user unnamed pipes.
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="65%">
<tr><th >Parameter:</th><th >Description:</th></tr>
<tr><td>
domain
</td><td>
<p>
Domain allowed access.
</p>
</td></tr>
</table>
</div>
</div>
<a name="link_sysadm_shell_domtrans"></a>
<div id="interface">
<div id="codeblock">
<b>sysadm_shell_domtrans</b>(
domain
)<br>
</div>
<div id="description">
<h5>Summary</h5>
<p>
Execute a shell in the sysadm domain.
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="65%">
<tr><th >Parameter:</th><th >Description:</th></tr>
<tr><td>
domain
</td><td>
<p>
Domain allowed access.
</p>
</td></tr>
</table>
</div>
</div>
<a name="link_sysadm_sigchld"></a>
<div id="interface">
<div id="codeblock">
<b>sysadm_sigchld</b>(
domain
)<br>
</div>
<div id="description">
<h5>Summary</h5>
<p>
Send a SIGCHLD signal to sysadm users.
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="65%">
<tr><th >Parameter:</th><th >Description:</th></tr>
<tr><td>
domain
</td><td>
<p>
Domain allowed access.
</p>
</td></tr>
</table>
</div>
</div>
<a name="link_sysadm_stub"></a>
<div id="interface">
<div id="codeblock">
<b>sysadm_stub</b>(
domain
)<br>
</div>
<div id="description">
<h5>Summary</h5>
<p>
sysadm stub interface. No access allowed.
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="65%">
<tr><th >Parameter:</th><th >Description:</th></tr>
<tr><td>
domain
</td><td>
<p>
Domain allowed access
</p>
</td></tr>
</table>
</div>
</div>
<a name="link_sysadm_use_fds"></a>
<div id="interface">
<div id="codeblock">
<b>sysadm_use_fds</b>(
domain
)<br>
</div>
<div id="description">
<h5>Summary</h5>
<p>
Inherit and use sysadm file descriptors
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="65%">
<tr><th >Parameter:</th><th >Description:</th></tr>
<tr><td>
domain
</td><td>
<p>
Domain allowed access.
</p>
</td></tr>
</table>
</div>
</div>
<a href=#top>Return</a>
</div>
</body>
</html>