Table E-1 summarizes the SELinux type attributes that appear in the Fedora Core 2 implementation of SELinux. Other implementations may define different type attributes or assign different meanings to the attributes shown in the table.
| Type attribute | Description |
|---|---|
| admin | Administrator domain, such as sysadm_t |
| auth | Domain that can read /etc/shadow |
| auth_chkpwd | Domain that can authenticate users by running unix_chkpwd |
| auth_write | Domain that can write or relabel /etc/shadow |
| dbus_client_domain | Domain of dbus client |
| device_type | Type assigned to device nodes |
| domain | Type that can be assigned to a process |
| etc_writer | Domain that can write to etc_t |
| exec_type | Type assigned to executables that are domain entry points |
| file_type | Type assigned to files in persistent filesystems |
| fs_domain | Domain that can directly access a fixed disk |
| fs_type | Type assigned to filesystems, including nonpersistent filesystems |
| gphdomain | Domain derived from gnome-pty-helper |
| home_dir_type | Type assigned to the parent directory holding user home directories |
| home_type | Type assigned to home directories |
| homedirfile | Type of special file in home directory, used to associate mount points with home directories |
| lockfile | Type assigned to lock files or directories |
| logfile | Type assigned to log files or directories |
| login_contexts | Type assigned to files used to define default contexts for login type |
| mail_server_domain | Domain that can accept inbound TCP port 25 connection |
| mail_server_sender | Domain that can make outbound TCP port 25 connection |
| mini_pty_type | pty used for a user_mini_domain |
| mlstrustedobject | Type that can be accessed irrespective of MLS restrictions (not used) |
| mlstrustedreader | Domain that can override MLS restrictions on reading (not used) |
| mlstrustedwriter | Domain that can override MLS restrictions on writing (not used) |
| mta_delivery_agent | Mail server domain that can deliver messages |
| mta_user_agent | Mail server domain that can read user files and FIFOs and inherit file handles for mail spool |
| netif_type | Type assigned to network interfaces |
| netmsg_type | Type assigned to packets received on network interfaces |
| node_type | Type assigned to network nodes (hosts) |
| noexattrfile | Type of filesystem not supporting extended attributes |
| pidfile | Type assigned to PID files |
| port_type | Type assigned to TCP/IP port numbers |
| priv_system_role | Domain that can change role from a user role to a system_r role, and user from a user identity to system_u |
| privfd | Domain whose file handles can be widely inherited |
| privhome | Domain that can act on behalf of a user by creating files under the user's home directory |
| privlog | Domain that can communicate with the system logger daemon via its Unix domain socket |
| privmail | Domain that can transition to system_mail_t |
| privmem | Domain that can access kernel memory |
| privmodule | Domain that can run modprobe |
| privowner | Domain that can assign a nondefault SELinux user identity to a file, or create a file having an SELinux user identity other than that of the current process |
| privrole | Domain that can change the SELinux role identity |
| privuser | Domain that can change the SELinux user identity |
| ptyfile | Type assigned to ptys |
| root_dir_type | Type assigned to filesystem root directories, including those of nonpersistent filesystems |
| server_pty | Type of pty created by a server, such as sshd |
| socket_type | Type assigned to kernel-created sockets (ordinary sockets are labeled with the type of the creating process) |
| sysadmfile | Type assigned to files fully controlled by administrators |
| sysctl_kernel_writer | Domain (other than admin domain) that can write to sysctl_kernel_t |
| sysctl_net_writer | Domain that can write to sysctl_net_t |
| sysctl_type | Type assigned to a sysctl entry; that is, a configuration item appearing in /proc/sys |
| tmpfile | Type assigned to temporary files |
| tmpfsfile | Type defined for tmpfs type translations |
| ttyfile | Type assigned to ttys |
| unpriv_userdomain | Type of nonadministrative users, such as user_t |
| user_crond_domain | Type of user crond domain, such as user_crond_t and system_crond_t |
| user_home_dir_type | Type of user home directory of unpriv_userdomain user |
| user_home_type | Type of nonadministrator home directory |
| user_mail_domain | Domain used by sendmail -t |
| user_mini_domain | Small domain used for newrole |
| user_tmpfile | Type assigned to temporary files of unpriv_userdomain domain |
| usercanread | Type of files that user can read |
| userdomain | User domain, such as user_t and sysadm_t |
| userpty_type | Type of nonadministrative pty (devpts) |
| web_client_domain | Domain of web client, such as Netscape and Squid |
| xserver_tmpfile | Type assigned to temporary files of user_xserver_t domain |