
8.12 Configuring access control to process communication

8.12.1 allowcom (network socket)

  1. Syntax
    allowcom -tcp|-udp|-unix todomain;
  2. Meaning
    Controls the use of sockets for process communication. If todomain is global, the domain can communicate with every domain.
  3. Example
    {
    domain httpd_t;
    allowcom -unix syslogd_t;
    ...
    This means httpd_t can communicate with processes that have the syslogd_t domain over a Unix domain socket.

  4. Constraints
    -tcp and -udp cannot be used in kernel 2.6 based SELinux. They do nothing if specified.

8.12.2 allowcom (IPC)

  1. Syntax
    allowcom -sem|-msg|-msgq|-shm|-pipe to domain [r],[w];
  2. Meaning
    Allows communication with to domain using the specified IPC.
    If to domain is self, this means IPC within the domain. If to domain is global, the domain can use IPC with every domain.

8.12.3 allowcom (Signal)

  1. Syntax
    allowcom -sig to domain [c],[k],[s],[n],[o];
  2. Meaning
    Allows sending signals to to domain. [c] is sigchld, [k] is sigkill, [s] is sigstop, [n] is signull, [o] is other signals. signull is not supported; this means all domains are allowed to use signull.
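
The three allowcom forms above can be checked mechanically before a policy is loaded. The following linter is an added example, not part of the SELinux Policy Editor or of this specification; it assumes permissions are written as comma-separated letters without brackets (reading the brackets in the syntax lines as marking optional items), and the sample policy is constructed.

```python
import re

# Options and permission letters as listed in sections 8.12.1 to 8.12.3.
SOCKET = {"-tcp", "-udp", "-unix"}
IPC = {"-sem", "-msg", "-msgq", "-shm", "-pipe"}
PERMS = {"ipc": set("rw"), "sig": set("cksno")}
# Assumption: "allowcom <option> <domain> [perm,perm...];" with one statement per line.
STMT = re.compile(r"^\s*allowcom\s+(-\w+)\s+(\w+)(?:\s+([\w,]+))?\s*;\s*$")

# Constructed sample policy (not taken from a real system).
SAMPLE = """{
domain httpd_t;
allowcom -unix syslogd_t;
allowcom -tcp global;
allowcom -shm self r,w;
allowcom -pipe global r,x;
allowcom -sig initrc_t c,n;
}
"""

def audit_allowcom(policy_text):
    """Return (line_no, severity, message) findings for allowcom statements."""
    findings = []
    for no, line in enumerate(policy_text.splitlines(), 1):
        if not line.strip().startswith("allowcom"):
            continue
        m = STMT.match(line)
        if not m:
            findings.append((no, "error", "unparseable allowcom statement"))
            continue
        opt, target, perms = m.groups()
        kind = "socket" if opt in SOCKET else "ipc" if opt in IPC else "sig" if opt == "-sig" else None
        if kind is None:
            findings.append((no, "error", f"unknown option {opt}"))
            continue
        letters = perms.split(",") if perms else []
        if opt in ("-tcp", "-udp"):  # constraint from 8.12.1
            findings.append((no, "warn", f"{opt} does nothing on kernel 2.6 based SELinux"))
        if target == "global" and kind != "sig":  # broad grant: every domain
            findings.append((no, "warn", f"{opt} target is global (every domain)"))
        if kind == "socket" and letters:
            findings.append((no, "error", "socket form takes no permissions"))
        bad = [p for p in letters if kind in PERMS and p not in PERMS[kind]]
        if bad:
            findings.append((no, "error", f"invalid permission(s) {','.join(bad)} for {opt}"))
        if kind == "sig" and "n" in letters:  # signull is not enforced
            findings.append((no, "info", "signull is allowed for all domains regardless"))
    return findings
```

Calling audit_allowcom(SAMPLE) returns five findings: two warnings on the -tcp line, a warning and an error on the -pipe line, and an informational note on the -sig line.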


2006-02-27