next up previous contents
Next: 2 Unsupported permission Up: Integrated/unsupported permissions in Simplified Previous: Contents   Contents

1 How to look at tables

Permissions are listed in table format. How to look at table is explained.
  1. Notation to represent domain and type
  2. Notation to represent many permissions
    Following are used to describe set of permissions(it is to save space.)

  3. Tables in section 2
    These tables describes what kind of permissions are not supported. Titles of table show why these permissions are not supported. For example, the title of table 1 is Dead permission. It means permissions in table is not supported because these are dead permission in SELinux. Detailed reason why unsupported will be described in future :-)
    Let's see example. First line in table1, all_file_class, swapon, global , file_type is described. It means, all domains(global) are allowed permission swapon for all object class related to file(all_file_class), to all types related to file(file_type). It equals following allow statement in SELinux.
           allow global file\_type:all\_file\_class swapon;
    
    So this means, swapon permission is allowed(=not supported).
  4. Tables in section 3
    These tables describe how permissions are integrated in SPDL. Let's see example. Look at table 11. This table describes permissions allowed when using allow filename r; statement. all_file_class, ioctl lock read, domain, type are described here. This means, ioctl lock read permissions for all file related object classes are allowed.

Following was automatically generated by genmacro.py


next up previous contents
Next: 2 Unsupported permission Up: Integrated/unsupported permissions in Simplified Previous: Contents   Contents
Yuichi Nakamura 2006-11-13