Software: Apache/2.2.3 (CentOS). PHP/5.1.6 uname -a: Linux mx-ll-110-164-51-230.static.3bb.co.th 2.6.18-194.el5PAE #1 SMP Fri Apr 2 15:37:44 uid=48(apache) gid=48(apache) groups=48(apache) Safe-mode: OFF (not secure) /usr/share/doc/selinux-policy-2.4.6/html/ drwxr-xr-x | |
| Viewing file: Select action/file-type: Security Enhanced Linux Reference Policy
+
admin
-
corecommands
+
services
- corenetwork - devices - domain - files - filesystem - kernel - mcs - mls - selinux - storage - terminal * Global Booleans * Global Tunables * Layer Index * Interface Index * Template Index Layer: kernelModule: domainDescription:Core policy for domains. This module is required to be included in all policies. Interfaces:
domain_base_type(
type
)
SummaryMake the specified type usable as a basic domain. Description
Make the specified type usable as a basic domain.
This is primarily used for kernel threads; generally the domain_type() interface is more appropriate for userland processes.
Parameters
domain_cron_exemption_source(
domain
)
SummaryMake the specified domain the source of the cron domain exception of the SELinux role and identity change constraints. Description
Make the specified domain the source of the cron domain exception of the SELinux role and identity change constraints.
This interface is needed to decouple the cron domains from the base module. It should not be used other than on cron domains.
Parameters
domain_cron_exemption_target(
domain
)
SummaryMake the specified domain the target of the cron domain exception of the SELinux role and identity change constraints. Description
Make the specified domain the target of the cron domain exception of the SELinux role and identity change constraints.
This interface is needed to decouple the cron domains from the base module. It should not be used other than on user cron jobs.
Parameters
domain_dontaudit_exec_all_entry_files(
domain
)
Summarydontaudit checking for execute on all entry point files Parameters
domain_dontaudit_getattr_all_dgram_sockets(
domain
)
SummaryDo not audit attempts to get the attributes of all domains unix datagram sockets. Parameters
domain_dontaudit_getattr_all_domains(
domain
)
SummaryGet the attributes of all domains of all domains. Parameters
domain_dontaudit_getattr_all_key_sockets(
domain
)
SummaryDo not audit attempts to get attribues of all domains IPSEC key management sockets. Parameters
domain_dontaudit_getattr_all_packet_sockets(
domain
)
SummaryDo not audit attempts to get attribues of all domains packet sockets. Parameters
domain_dontaudit_getattr_all_pipes(
domain
)
SummaryDo not audit attempts to get the attributes of all domains unnamed pipes. Parameters
domain_dontaudit_getattr_all_raw_sockets(
domain
)
SummaryDo not audit attempts to get attribues of all domains raw sockets. Parameters
domain_dontaudit_getattr_all_sockets(
domain
)
SummaryDo not audit attempts to get the attributes of all domains sockets, for all socket types. Description
Do not audit attempts to get the attributes of all domains sockets, for all socket types.
This interface was added for PCMCIA cardmgr and is probably excessive.
Parameters
domain_dontaudit_getattr_all_stream_sockets(
domain
)
SummaryDo not audit attempts to get the attributes of all domains unix datagram sockets. Parameters
domain_dontaudit_getattr_all_tcp_sockets(
domain
)
SummaryDo not audit attempts to get the attributes of all domains TCP sockets. Parameters
domain_dontaudit_getattr_all_udp_sockets(
domain
)
SummaryDo not audit attempts to get the attributes of all domains UDP sockets. Parameters
domain_dontaudit_getsession_all_domains(
domain
)
SummaryDo not audit attempts to get the session ID of all domains. Parameters
domain_dontaudit_list_all_domains_state(
domain
)
SummaryDo not audit attempts to read the process state directories of all domains. Parameters
domain_dontaudit_ptrace_all_domains(
domain
)
SummaryDo not audit attempts to ptrace all domains. Description
Do not audit attempts to ptrace all domains.
Generally this needs to be suppressed because procps tries to access /proc/pid/environ and this now triggers a ptrace check in recent kernels (2.4 and 2.6).
Parameters
domain_dontaudit_ptrace_confined_domains(
domain
)
SummaryDo not audit attempts to ptrace confined domains. Description
Do not audit attempts to ptrace confined domains.
Generally this needs to be suppressed because procps tries to access /proc/pid/environ and this now triggers a ptrace check in recent kernels (2.4 and 2.6).
Parameters
domain_dontaudit_read_all_domains_state(
domain
)
SummaryDo not audit attempts to read the process state (/proc/pid) of all domains. Parameters
domain_dontaudit_rw_all_key_sockets(
domain
)
SummaryDo not audit attempts to read or write all domains key sockets. Parameters
domain_dontaudit_rw_all_udp_sockets(
domain
)
SummaryDo not audit attempts to read or write all domains UDP sockets. Parameters
domain_dontaudit_search_all_domains_state(
domain
)
SummaryDo not audit attempts to search the process state directory (/proc/pid) of all domains. Parameters
domain_dontaudit_use_interactive_fds(
domain
)
SummaryDo not audit attempts to inherit file descriptors from domains with interactive programs. Parameters
domain_dyntrans_type(
domain
)
SummaryAllow the specified domain to perform dynamic transitions. Description
Allow the specified domain to perform dynamic transitions.
This violates process tranquility, and it is strongly suggested that this not be used.
Parameters
domain_entry_file(
domain
,
type
)
SummaryMake the specified type usable as an entry point for the domain. Parameters
domain_entry_file_spec_domtrans(
domain
)
SummaryExecute an entry_type in the specified domain. Parameters
domain_exec_all_entry_files(
domain
)
SummaryExecute the entry point files for all domains in the caller domain. Parameters
domain_getattr_all_domains(
domain
)
SummaryGet the attributes of all domains of all domains. Parameters
domain_getattr_all_entry_files(
domain
)
SummaryGet the attributes of entry point files for all domains. Parameters
domain_getattr_all_pipes(
domain
)
SummaryGet the attributes of all domains unnamed pipes. Description
Get the attributes of all domains unnamed pipes.
This is commonly used for domains that can use lsof on all domains.
Parameters
domain_getattr_all_sockets(
domain
)
SummaryGet the attributes of all domains sockets, for all socket types. Description
Get the attributes of all domains sockets, for all socket types.
This is commonly used for domains that can use lsof on all domains.
Parameters
domain_getattr_confined_domains(
domain
)
SummaryGet the attributes of all confined domains. Parameters
domain_getsession_all_domains(
domain
)
SummaryGet the session ID of all domains. Parameters
domain_interactive_fd(
domain
)
SummaryMake the file descriptors of the specified domain for interactive use (widely inheritable) Parameters
domain_ipsec_labels(
type
)
SummaryAllow specified type to associate ipsec packets from any domain Parameters
domain_ipsec_setcontext_all_domains(
type
)
SummaryAllow specified type to set context of all domains IPSEC associations. Parameters
domain_kill_all_domains(
domain
)
SummarySend a kill signal to all domains. Parameters
domain_manage_all_entry_files(
domain
)
SummaryCreate, read, write, and delete all entrypoint files. Parameters
domain_mmap_all_entry_files(
domain
)
SummaryMmap all entry point files as executable. Parameters
domain_mmap_low(
domain
)
SummaryAbility to mmap a low area of the address space, as configured by /proc/sys/kernel/mmap_min_addr. Preventing such mappings helps protect against exploiting null deref bugs in the kernel. Parameters
domain_mmap_low_type(
domain
)
SummaryAbility to mmap a low area of the address space, as configured by /proc/sys/kernel/mmap_min_addr. Preventing such mappings helps protect against exploiting null deref bugs in the kernel. Parameters
domain_obj_id_change_exemption(
domain
)
SummaryMakes caller an exception to the constraint preventing changing the user identity in object contexts. Parameters
domain_ptrace_all_domains(
domain
)
SummaryPtrace all domains. Parameters
domain_read_all_domains_state(
domain
)
SummaryRead the process state (/proc/pid) of all domains. Parameters
domain_read_all_entry_files(
domain
)
SummaryRead the entry point files for all domains. Parameters
domain_read_confined_domains_state(
domain
)
SummaryRead the process state (/proc/pid) of all confined domains. Parameters
domain_relabel_all_entry_files(
domain
)
SummaryRelabel to and from all entry point file types. Parameters
domain_role_change_exemption(
domain
)
SummaryMakes caller an exception to the constraint preventing changing of role. Parameters
domain_search_all_domains_state(
domain
)
SummarySearch the process state directory (/proc/pid) of all domains. Parameters
domain_setcontext(
type
)
SummaryAllow specified type to set context on domain attribute. Parameters
domain_setpriority_all_domains(
domain
)
SummarySet the nice level of all domains. Parameters
domain_sigchld_all_domains(
domain
)
SummarySend a child terminated signal to all domains. Parameters
domain_sigchld_interactive_fds(
domain
)
SummarySend a SIGCHLD signal to domains whose file discriptors are widely inheritable. Parameters
domain_signal_all_domains(
domain
)
SummarySend general signals to all domains. Parameters
domain_signull_all_domains(
domain
)
SummarySend a null signal to all domains. Parameters
domain_sigstop_all_domains(
domain
)
SummarySend a stop signal to all domains. Parameters
domain_subj_id_change_exemption(
domain
)
SummaryMakes caller an exception to the constraint preventing changing of user identity. Parameters
domain_system_change_exemption(
domain
)
SummaryMakes caller and execption to the constraint preventing changing to the system user identity and system role. Parameters
domain_type(
type
)
SummaryMake the specified type usable as a domain. Parameters
domain_unconfined(
domain
)
SummaryUnconfined access to domains. Parameters
domain_use_interactive_fds(
domain
)
SummaryInherit and use file descriptors from domains with interactive programs. Parameters
domain_user_exemption_target(
domain
)
SummaryMake the specified domain the target of the user domain exception of the SELinux role and identity change constraints. Description
Make the specified domain the target of the user domain exception of the SELinux role and identity change constraints.
This interface is needed to decouple the user domains from the base module. It should not be used other than on user domains.
Parameters
|
:: Command execute :: | |
:: Shadow's tricks :D :: | |
Useful Commands
|
|
:: Preddy's tricks :D :: | |
Php Safe-Mode Bypass (Read Files)
|
|
--[ c999shell v. 1.0 pre-release build #16 Modded by Shadow & Preddy | RootShell Security Group | r57 c99 shell | Generation time: 0.0105 ]-- |