next up previous contents
Next: 13.4 allowpriv: other privileges Up: 13 Access control other Previous: 13.2 allowpriv: related to   Contents

13.3 allowpriv: related to SELinux operations

Allow privileges to administrate SELinux.
  1. relabel
    Allow to relabel all files. You must also allow getsecurity and allowpriv search.
  2. part_relabel
    Allow to relabel files that the domain can write. You must also allow getsecurity.
  3. setfscreate
    This is necessary only applications that use SELinux API(setfscreatecon).
  4. getsecurity
    Allow to get security policy decisions, by accessing /selinux.
  5. setenforce
    Allow to toggle enforcing/permissive mode.
  6. load_policy
    Allow to load policy to kernel.
  7. setsecparam
    Change performance parameter of SELinux via /selinux/avc
  8. getsecattr
    Get security information(such as domain, stored in /proc/pid/attr) of other processes.



Yuichi Nakamura 2006-11-13