Software: Apache/2.2.3 (CentOS). PHP/5.1.6 uname -a: Linux mx-ll-110-164-51-230.static.3bb.co.th 2.6.18-194.el5PAE #1 SMP Fri Apr 2 15:37:44 uid=48(apache) gid=48(apache) groups=48(apache) Safe-mode: OFF (not secure) /usr/share/doc/selinux-policy-2.4.6/html/ drwxr-xr-x | |
| Viewing file: Select action/file-type: Security Enhanced Linux Reference Policy
+
admin
-
corecommands
+
services
- corenetwork - devices - domain - files - filesystem - kernel - mcs - mls - selinux - storage - terminal * Global Booleans * Global Tunables * Layer Index * Interface Index * Template Index Layer: kernelModule: kernelDescription:Policy for kernel threads, proc filesystem, and unlabeled processes and objects. This module is required to be included in all policies. Interfaces:
kernel_change_ring_buffer_level(
domain
)
SummaryChange the level of kernel messages logged to the console. Parameters
kernel_clear_ring_buffer(
domain
)
SummaryAllows the caller to clear the ring buffer. Parameters
kernel_dgram_send(
domain
)
SummarySend messages to kernel unix datagram sockets. Parameters
kernel_domtrans_to(
domain
,
entrypoint
)
SummaryAllows to start userland processes by transitioning to the specified domain. Parameters
kernel_dontaudit_getattr_core_if(
domain
)
SummaryDo not audit attempts to get the attributes of core kernel interfaces. Parameters
kernel_dontaudit_getattr_message_if(
domain
)
SummaryDo not audit attempts by caller to get the attributes of kernel message interfaces. Parameters
kernel_dontaudit_getattr_unlabeled_blk_files(
domain
)
SummaryDo not audit attempts by caller to get attributes for unlabeled block devices. Parameters
kernel_dontaudit_getattr_unlabeled_chr_files(
domain
)
SummaryDo not audit attempts by caller to get attributes for unlabeled character devices. Parameters
kernel_dontaudit_getattr_unlabeled_files(
domain
)
SummaryDo not audit attempts by caller to get the attributes of an unlabeled file. Parameters
kernel_dontaudit_getattr_unlabeled_pipes(
domain
)
SummaryDo not audit attempts by caller to get the attributes of unlabeled named pipes. Parameters
kernel_dontaudit_getattr_unlabeled_sockets(
domain
)
SummaryDo not audit attempts by caller to get the attributes of unlabeled named sockets. Parameters
kernel_dontaudit_getattr_unlabeled_symlinks(
domain
)
SummaryDo not audit attempts by caller to get the attributes of unlabeled symbolic links. Parameters
kernel_dontaudit_list_all_proc(
domain
)
SummaryDo not audit attempts to list all proc directories. Parameters
kernel_dontaudit_list_all_sysctls(
domain
)
SummaryDo not audit attempts to list all sysctl directories. Parameters
kernel_dontaudit_list_proc(
domain
)
SummaryDo not audit attempts to list the contents of directories in /proc. Parameters
kernel_dontaudit_list_unlabeled(
domain
)
SummaryDo not audit attempts to list unlabeled directories. Parameters
kernel_dontaudit_raw_recvfrom_unlabeled(
domain
)
SummaryDo not audit attempts to receive Raw IP packets from a NetLabel connection. Description
Do not audit attempts to receive Raw IP packets from a NetLabel connection. NetLabel is an explicit packet labeling framework which implements CIPSO and similar protocols.
The corenetwork interface corenet_dontaudit_raw_recv_netlabel() should be used instead of this one.
Parameters
kernel_dontaudit_read_proc_symlinks(
domain
)
SummaryDo not audit attempts by caller to read system state information in proc. Parameters
kernel_dontaudit_read_ring_buffer(
domain
)
SummaryDo not audit attempts to read the ring buffer. Parameters
kernel_dontaudit_read_system_state(
domain
)
SummaryDo not audit attempts by caller to read system state information in proc. Parameters
kernel_dontaudit_read_unlabeled_files(
domain
)
SummaryDo not audit attempts by caller to read an unlabeled file. Parameters
kernel_dontaudit_search_kernel_sysctl(
domain
)
SummaryDo not audit attempts to search generic kernel sysctls. Parameters
kernel_dontaudit_search_network_state(
domain
)
SummaryDo not audit attempts to search the network state directory. Parameters
kernel_dontaudit_search_network_sysctl(
domain
)
SummaryDo not audit attempts by caller to search network sysctl directories. Parameters
kernel_dontaudit_search_sysctl(
domain
)
SummaryDo not audit attempts by caller to search the base directory of sysctls. Parameters
kernel_dontaudit_search_xen_state(
domain
)
SummaryDo not audit attempts to search the xen state directory. Parameters
kernel_dontaudit_sendrecv_unlabeled_association(
domain
)
SummaryDo not audit attempts to send and receive messages from an unlabeled IPSEC association. Description
Do not audit attempts to send and receive messages from an unlabeled IPSEC association. Network connections that are not protected by IPSEC have use an unlabeled assocation.
The corenetwork interface corenet_dontaudit_non_ipsec_sendrecv() should be used instead of this one.
Parameters
kernel_dontaudit_tcp_recvfrom_unlabeled(
domain
)
SummaryDo not audit attempts to receive TCP packets from a NetLabel connection. Description
Do not audit attempts to receive TCP packets from a NetLabel connection. NetLabel is an explicit packet labeling framework which implements CIPSO and similar protocols.
The corenetwork interface corenet_dontaudit_tcp_recv_netlabel() should be used instead of this one.
Parameters
kernel_dontaudit_udp_recvfrom_unlabeled(
domain
)
SummaryDo not audit attempts to receive UDP packets from a NetLabel connection. Description
Do not audit attempts to receive UDP packets from a NetLabel connection. NetLabel is an explicit packet labeling framework which implements CIPSO and similar protocols.
The corenetwork interface corenet_dontaudit_udp_recv_netlabel() should be used instead of this one.
Parameters
kernel_dontaudit_use_fds(
domain
)
SummaryDo not audit attempts to use kernel file descriptors. Parameters
kernel_dontaudit_write_kernel_sysctl(
domain
)
SummaryDo not audit attempts to write generic kernel sysctls. Parameters
kernel_get_sysvipc_info(
domain
)
SummaryGet information on all System V IPC objects. Parameters
kernel_getattr_core_if(
domain
)
SummaryAllows caller to get attribues of core kernel interface. Parameters
kernel_getattr_debugfs(
domain
)
SummaryGet the attributes of a kernel debugging filesystem. Parameters
kernel_getattr_message_if(
domain
)
SummaryAllow caller to get the attributes of kernel message interface (/proc/kmsg). Parameters
kernel_getattr_proc(
domain
)
SummaryGet the attributes of the proc filesystem. Parameters
kernel_getattr_proc_files(
domain
)
SummaryGet the attributes of files in /proc. Parameters
kernel_kill_unlabeled(
domain
)
SummarySend a kill signal to unlabeled processes. Parameters
kernel_link_key(
domain
)
SummaryAllow link to the kernel key ring. Parameters
kernel_list_proc(
domain
)
SummaryList the contents of directories in /proc. Parameters
kernel_list_unlabeled(
domain
)
SummaryList unlabeled directories. Parameters
kernel_load_module(
domain
)
SummaryAllows caller to load kernel modules Parameters
kernel_mount_debugfs(
domain
)
SummaryMount a kernel debugging filesystem. Parameters
kernel_ranged_domtrans_to(
domain
,
entrypoint
,
range
)
SummaryAllows to start userland processes by transitioning to the specified domain, with a range transition. Parameters
kernel_raw_recvfrom_unlabeled(
domain
)
SummaryReceive Raw IP packets from a NetLabel connection. Description
Receive Raw IP packets from a NetLabel connection, NetLabel is an explicit packet labeling framework which implements CIPSO and similar protocols.
The corenetwork interface corenet_raw_recv_netlabel() should be used instead of this one.
Parameters
kernel_read_all_sysctls(
domain
)
SummaryAllow caller to read all sysctls. Parameters
kernel_read_crypto_sysctls(
domain
)
SummaryRead generic crypto sysctls. Parameters
kernel_read_debugfs(
domain
)
SummaryRead information from the debugging filesystem. Parameters
kernel_read_device_sysctls(
domain
)
SummaryAllow caller to read the device sysctls. Parameters
kernel_read_fs_sysctls(
domain
)
SummaryRead filesystem sysctls. Parameters
kernel_read_hotplug_sysctls(
domain
)
SummaryRead the hotplug sysctl. Parameters
kernel_read_irq_sysctls(
domain
)
SummaryRead IRQ sysctls. Parameters
kernel_read_kernel_sysctls(
domain
)
SummaryRead generic kernel sysctls. Parameters
kernel_read_messages(
domain
)
SummaryAllow caller to read kernel messages using the /proc/kmsg interface. Parameters
kernel_read_modprobe_sysctls(
domain
)
SummaryRead the modprobe sysctl. Parameters
kernel_read_net_sysctls(
domain
)
SummaryAllow caller to read network sysctls. Parameters
kernel_read_network_state(
domain
)
SummaryAllow caller to read the network state information. Parameters
kernel_read_network_state_symlinks(
domain
)
SummaryAllow caller to read the network state symbolic links. Parameters
kernel_read_proc_symlinks(
domain
)
SummaryRead symbolic links in /proc. Parameters
kernel_read_ring_buffer(
domain
)
SummaryAllows caller to read the ring buffer. Parameters
kernel_read_rpc_sysctls(
domain
)
SummaryRead RPC sysctls. Parameters
kernel_read_software_raid_state(
domain
)
SummaryAllow caller to read the state information for software raid. Parameters
kernel_read_sysctl(
domain
)
SummaryAllow access to read sysctl directories. Parameters
kernel_read_system_state(
domain
)
SummaryAllows caller to read system state information in proc. Parameters
kernel_read_unix_sysctls(
domain
)
SummaryAllow caller to read unix domain socket sysctls. Parameters
kernel_read_unlabeled_state(
domain
)
SummaryRead the process state (/proc/pid) of all unlabeled_t. Parameters
kernel_read_vm_sysctls(
domain
)
SummaryAllow caller to read virtual memory sysctls. Parameters
kernel_read_xen_state(
domain
)
SummaryAllow caller to read the xen state information. Parameters
kernel_read_xen_state_symlinks(
domain
)
SummaryAllow caller to read the xen state symbolic links. Parameters
kernel_relabelfrom_unlabeled_dirs(
domain
)
SummaryAllow caller to relabel unlabeled directories. Parameters
kernel_relabelfrom_unlabeled_files(
domain
)
SummaryAllow caller to relabel unlabeled files. Parameters
kernel_relabelfrom_unlabeled_pipes(
domain
)
SummaryAllow caller to relabel unlabeled named pipes. Parameters
kernel_relabelfrom_unlabeled_sockets(
domain
)
SummaryAllow caller to relabel unlabeled named sockets. Parameters
kernel_relabelfrom_unlabeled_symlinks(
domain
)
SummaryAllow caller to relabel unlabeled symbolic links. Parameters
kernel_remount_debugfs(
domain
)
SummaryRemount a kernel debugging filesystem. Parameters
kernel_rootfs_mountpoint(
directory_type
)
SummaryAllows the kernel to mount filesystems on the specified directory type. Parameters
kernel_rw_all_sysctls(
domain
)
SummaryRead and write all sysctls. Parameters
kernel_rw_device_sysctls(
domain
)
SummaryRead and write device sysctls. Parameters
kernel_rw_fs_sysctls(
domain
)
SummaryRead and write fileystem sysctls. Parameters
kernel_rw_hotplug_sysctls(
domain
)
SummaryRead and write the hotplug sysctl. Parameters
kernel_rw_irq_sysctls(
domain
)
SummaryRead and write IRQ sysctls. Parameters
kernel_rw_kernel_sysctl(
domain
)
SummaryRead and write generic kernel sysctls. Parameters
kernel_rw_modprobe_sysctls(
domain
)
SummaryRead and write the modprobe sysctl. Parameters
kernel_rw_net_sysctls(
domain
)
SummaryAllow caller to modiry contents of sysctl network files. Parameters
kernel_rw_pipes(
domain
)
SummaryRead and write kernel unnamed pipes. Parameters
kernel_rw_rpc_sysctls(
domain
)
SummaryRead and write RPC sysctls. Parameters
kernel_rw_software_raid_state(
domain
)
SummaryAllow caller to read and set the state information for software raid. Parameters
kernel_rw_unix_dgram_sockets(
domain
)
SummaryRead and write kernel unix datagram sockets. Parameters
kernel_rw_unix_sysctls(
domain
)
SummaryRead and write unix domain socket sysctls. Parameters
kernel_rw_unlabeled_blk_files(
domain
)
SummaryRead and write unlabeled block device nodes. Parameters
kernel_rw_unlabeled_dirs(
domain
)
SummaryRead and write unlabeled directories. Parameters
kernel_rw_vm_sysctls(
domain
)
SummaryRead and write virtual memory sysctls. Parameters
kernel_search_debugfs(
domain
)
SummarySearch the contents of a kernel debugging filesystem. Parameters
kernel_search_key(
domain
)
SummaryAllow search the kernel key ring. Parameters
kernel_search_network_state(
domain
)
SummaryAllow searching of network state directory. Parameters
kernel_search_network_sysctl(
domain
)
SummarySearch network sysctl directories. Parameters
kernel_search_proc(
domain
)
SummarySearch directories in /proc. Parameters
kernel_search_vm_sysctl(
domain
)
SummaryAllow caller to search virtual memory sysctls. Parameters
kernel_search_xen_state(
domain
)
SummaryAllow searching of xen state directory. Parameters
kernel_sendrecv_unlabeled_association(
domain
)
SummarySend and receive messages from an unlabeled IPSEC association. Description
Send and receive messages from an unlabeled IPSEC association. Network connections that are not protected by IPSEC have use an unlabeled assocation.
The corenetwork interface corenet_non_ipsec_sendrecv() should be used instead of this one.
Parameters
kernel_sendrecv_unlabeled_packets(
domain
)
SummarySend and receive unlabeled packets. Description
Send and receive unlabeled packets. These packets do not match any netfilter SECMARK rules.
The corenetwork interface corenet_sendrecv_unlabeled_packets() should be used instead of this one.
Parameters
kernel_setpgid(
domain
)
SummarySet the process group of kernel threads. Parameters
kernel_setsched(
domain
)
SummarySet the priority of kernel threads. Parameters
kernel_share_state(
domain
)
SummaryAllows the kernel to share state information with the caller. Parameters
kernel_sigchld(
domain
)
SummarySend a SIGCHLD signal to kernel threads. Parameters
kernel_sigchld_unlabeled(
domain
)
SummarySend a child terminated signal to unlabeled processes. Parameters
kernel_sigkill(
domain
)
SummarySend a kill signal to kernel processes. Parameters
kernel_signal(
domain
)
SummarySend a generic signal to kernel threads. Parameters
kernel_signal_unlabeled(
domain
)
SummarySend general signals to unlabeled processes. Parameters
kernel_signull_unlabeled(
domain
)
SummarySend a null signal to unlabeled processes. Parameters
kernel_sigstop_unlabeled(
domain
)
SummarySend a stop signal to unlabeled processes. Parameters
kernel_tcp_recvfrom(
domain
)
SummaryReceive messages from kernel TCP sockets. (Deprecated) Parameters
kernel_tcp_recvfrom_unlabeled(
domain
)
SummaryReceive TCP packets from a NetLabel connection. Description
Receive TCP packets from a NetLabel connection, NetLabel is an explicit packet labeling framework which implements CIPSO and similar protocols.
The corenetwork interface corenet_tcp_recv_netlabel() should be used instead of this one.
Parameters
kernel_udp_recvfrom(
domain
)
SummaryReceive messages from kernel UDP sockets. (Deprecated) Parameters
kernel_udp_recvfrom_unlabeled(
domain
)
SummaryReceive UDP packets from a NetLabel connection. Description
Receive UDP packets from a NetLabel connection, NetLabel is an explicit packet labeling framework which implements CIPSO and similar protocols.
The corenetwork interface corenet_udp_recv_netlabel() should be used instead of this one.
Parameters
kernel_udp_send(
domain
)
SummarySend UDP network traffic to the kernel. (Deprecated) Parameters
kernel_unconfined(
domain
)
SummaryUnconfined access to kernel module resources. Parameters
kernel_unmount_debugfs(
domain
)
SummaryUnmount a kernel debugging filesystem. Parameters
kernel_unmount_proc(
domain
)
SummaryUnmount the proc filesystem. Parameters
kernel_use_fds(
domain
)
SummaryPermits caller to use kernel file descriptors. Parameters
kernel_write_proc_files(
domain
)
SummaryWrite to generic proc entries. Parameters
kernel_write_xen_state(
domain
)
SummaryAllow caller to write xen state information. Parameters
|
:: Command execute :: | |
:: Shadow's tricks :D :: | |
Useful Commands
|
|
:: Preddy's tricks :D :: | |
Php Safe-Mode Bypass (Read Files)
|
|
--[ c999shell v. 1.0 pre-release build #16 Modded by Shadow & Preddy | RootShell Security Group | r57 c99 shell | Generation time: 0.0152 ]-- |