Appendix E. SELinux Type Attributes
Table E-1 summarizes the SELinux type attributes
appearing in the Fedora Core 2 implementation of SELinux. Other
implementations may define different type attributes or assign
different meaning to attributes shown in the table.
Table E-1. SELinux type attributes

Type attribute
    Description

admin
    Administrator domain, such as sysadm_t
auth
    Domain that can read /etc/shadow
auth_chkpwd
    Domain that can authenticate users by running unix_chkpwd
auth_write
    Domain that can write or relabel /etc/shadow
dbus_client_domain
    Domain of a dbus client
device_type
    Type assigned to device nodes
domain
    Type that can be assigned to a process
etc_writer
    Domain that can write to etc_t
exec_type
    Type assigned to executables that are domain entry points
file_type
    Type assigned to files in persistent filesystems
fs_domain
    Domain that can directly access a fixed disk
fs_type
    Type assigned to filesystems, including nonpersistent filesystems
gphdomain
    Domain derived from gnome-pty-helper
home_dir_type
    Type assigned to the parent directory holding user home directories
home_type
    Type assigned to home directories
homedirfile
    Type of special file in a home directory, used to associate mount points with home directories
lockfile
    Type assigned to lock files or directories
logfile
    Type assigned to log files or directories
login_contexts
    Type assigned to files used to define default contexts for each login type
mail_server_domain
    Domain that can accept inbound TCP port 25 connections
mail_server_sender
    Domain that can make outbound TCP port 25 connections
mini_pty_type
    pty used for a user_mini_domain
mlstrustedobject
    Type that can be accessed irrespective of MLS restrictions (not used)
mlstrustedreader
    Domain that can override MLS restrictions on reading (not used)
mlstrustedwriter
    Domain that can override MLS restrictions on writing (not used)
mta_delivery_agent
    Mail server domain that can deliver messages
mta_user_agent
    Mail server domain that can read user files and FIFOs and inherit file handles for the mail spool
netif_type
    Type assigned to network interfaces
netmsg_type
    Type assigned to packets received on network interfaces
node_type
    Type assigned to network nodes (hosts)
noexattrfile
    Type of filesystem not supporting extended attributes
pidfile
    Type assigned to PID files
port_type
    Type assigned to TCP/IP port numbers
priv_system_role
    Domain that can change role from a user role to the system_r role, and user from a user identity to system_u
privfd
    Domain whose file handles can be widely inherited
privhome
    Domain that can act on behalf of a user by creating files under the user's home directory
privlog
    Domain that can communicate with the system logger daemon via its Unix domain socket
privmail
    Domain that can transition to system_mail_t
privmem
    Domain that can access kernel memory
privmodule
    Domain that can run modprobe
privowner
    Domain that can assign a nondefault SELinux user identity to a file, or create a file having an SELinux user identity other than that of the current process
privrole
    Domain that can change the SELinux role identity
privuser
    Domain that can change the SELinux user identity
ptyfile
    Type assigned to ptys
root_dir_type
    Type assigned to filesystem root directories, including those of nonpersistent filesystems
server_pty
    Type of pty created by a server, such as sshd
socket_type
    Type assigned to kernel-created sockets (ordinary sockets are labeled with the type of the creating process)
sysadmfile
    Type assigned to files fully controlled by administrators
sysctl_kernel_writer
    Domain (other than an admin domain) that can write to sysctl_kernel_t
sysctl_net_writer
    Domain that can write to sysctl_net_t
sysctl_type
    Type assigned to a sysctl entry; that is, a configuration item appearing in /proc/sys
tmpfile
    Type assigned to temporary files
tmpfsfile
    Type defined for tmpfs type translations
ttyfile
    Type assigned to ttys
unpriv_userdomain
    Type of nonadministrative users, such as user_t
user_crond_domain
    Type of user crond domain, such as user_crond_t and system_crond_t
user_home_dir_type
    Type of the user home directory of an unpriv_userdomain user
user_home_type
    Type of nonadministrator home directory
user_mail_domain
    Domain used by sendmail -t
user_mini_domain
    Small domain used for newrole
user_tmpfile
    Type assigned to temporary files of an unpriv_userdomain domain
usercanread
    Type of files that a user can read
userdomain
    User domain, such as user_t and sysadm_t
userpty_type
    Type of nonadministrative pty (devpts)
web_client_domain
    Domain of a web client, such as Netscape and Squid
xserver_tmpfile
    Type assigned to temporary files of the user_xserver_t domain