ObjectClassesPerms

From SELinux Wiki

(Difference between revisions)

Current revision

1 SELinux Object Classes and Permissions Reference

[edit] SELinux Object Classes and Permissions Reference

This document contains a list of all of the object classes and permissions for modern SELinux systems (starting in kernel 2.6.0). Each permission has a brief description of of the semantics of each permission, in addition to the versions of the kernel which support the permission and the policy capability that enables its enforcement (if applicable).

The document has the following caveats:

The permission descriptions are only for providing a general idea of the purposes of the permissions; a permission may mediate many operations.
Since SELinux development is ongoing, this document may be be incomplete or inaccurate.

[edit] Common Permission Sets

[edit] common database

Permission	Description
create	Create a new database object.
drop	Remove a database object.
getattr	Get the attributes of a database object.
setattr	Set the attributes of a database object.
relabelfrom	Change the security context based on existing type.
relabelto	Change the security context based on the new type.

[edit] common file

Permission	Description
getattr	Get file attributes for file, such as access mode. (e.g. stat, some ioctls. ...)
relabelto	Relabel to new security context.
unlink	Remove hard link (delete).
ioctl	IO control system call requests not addressed by other permissions.
execute	Execute
append	Write to a file opened with O_APPEND.
read	Read file contents.
setattr	Change file attributes for file such as access mode. (e.g. chmod, some ioctls, ...)
swapon	Allows file to be used for paging/swapping space.
write	Write to a file.
lock	Set and unset file locks.
create	Create new file.
rename	Rename a file.
mounton	Use as mount point; only useful for directories and files in Linux.
quotaon	Use as a quota file.
relabelfrom	Relabel from old security context.
link	Create another hard link to file

[edit] common ipc

Permission	Description
write	Write.
destroy	Destroy.
unix_write	Generic write access.
getattr	Get attributes, e.g. IPC_STAT *ctl operation.
create	Create.
read	Read
setattr	Change attributes, e.g. IPC_SET.
unix_read	Generic read access.
associate	Associate a key

[edit] common socket

Permission	Description
append	Write to open fd marked with O_APPEND.
relabelfrom	Change the security context based on existing type.
create	Create new socket.
read	Read from socket.
sendto	Send to socket.
connect	Initiate connection.
recvfrom	Legacy NetLabel check; obsoleted by peer recv
send_msg	Legacy check; no longer present.
bind	Bind a name to the socket.
lock	Apply file lock on a socket.
ioctl	IO control system call requests not addressed by other permissions.
getattr	Get socket attributes, e.g. fstat.
write	Write to socket.
setopt	Set socket options.
getopt	Get socket options.
listen	Listen for connections.
setattr	Change socket attributes.
shutdown	Shutdown connection.
relabelto	Change the security context based on the new type.
recv_msg	Obsolete.
accept	Accept a connection.
name_bind	Associate with port or file; for AF_INET sockets, controls relationship between a socket and it's port number; for AF_UNIX sockets, controls relationship between a socket and it's file

[edit] common x_device

Permission	Description
getattr
setattr
use
read
write
getfocus
setfocus
bell
force_cursor
freeze
grab
manage
list_property
get_property
set_property
add
remove

[edit] Kernel Object Classes

[edit] appletalk_socket

Inherits from: common socket

Permission	Description	Kernel Version/Capability
append	see common socket:append	2.6.18+
relabelfrom	see common socket:relabelfrom	2.6.18+
create	see common socket:create	2.6.18+
read	see common socket:read	2.6.18+
sendto	see common socket:sendto	2.6.18+
connect	see common socket:connect	2.6.18+
recvfrom	see common socket:recvfrom	2.6.18+
send_msg	see common socket:send_msg	2.6.18+
bind	see common socket:bind	2.6.18+
lock	see common socket:lock	2.6.18+
ioctl	see common socket:ioctl	2.6.18+
getattr	see common socket:getattr	2.6.18+
write	see common socket:write	2.6.18+
setopt	see common socket:setopt	2.6.18+
getopt	see common socket:getopt	2.6.18+
listen	see common socket:listen	2.6.18+
setattr	see common socket:setattr	2.6.18+
shutdown	see common socket:shutdown	2.6.18+
relabelto	see common socket:relabelto	2.6.18+
recv_msg	see common socket:recv_msg	2.6.18+
accept	see common socket:accept	2.6.18+
name_bind	see common socket:name_bind	2.6.18+

[edit] association

Permission	Description	Kernel Version/Capability
sendto	Send to an IPSEC assocation.	2.6.12+
recvfrom	Receive from an IPSEC association.	2.6.12+
setcontext	Set the context of an IPSEC association on creation.	2.6.16+
polmatch	Match an IPSEC policy entry	2.6.19+

[edit] blk_file

Inherits from: common file

Permission	Description	Kernel Version/Capability
getattr	see common file:getattr
relabelto	see common file:relabelto
unlink	see common file:unlink
ioctl	see common file:ioctl
execute	see common file:execute
append	see common file:append
read	see common file:read
setattr	see common file:setattr
swapon	see common file:swapon
write	see common file:write
lock	see common file:lock
create	see common file:create
rename	see common file:rename
mounton	see common file:mounton
quotaon	see common file:quotaon
relabelfrom	see common file:relabelfrom
link	see common file:link
open	Open a block device file.	2.6.26+ / open_perms

[edit] capability

Permission	Description	Kernel Version/Capability
chown	Override restrictions on changing file ownership and group ownership.
dac_override	Override all DAC access restrictions. Checked before dac_read_search, so a dontaudit candidate.
dac_read_search	Override DAC read/search access restrictions.
fowner	Override all file owner requirements (e.g. for chmod, setxattr) except where fsetid applies.
fsetid	Override file owner and group requirements when setting setuid or setgid bits on a file. Can be checked as a side effect on chmod and write operations; dontaudit candidate.
kill	Overrides the restriction that the real or effective user ID of a process sending a signal must match the real or effective user ID of the process receiving the signal.
setgid	Allow setgid(2) or setgroups(2) or forged gids on credentials passed over a socket.
setuid	Allow set*uid(2). Allow passing of forged ids on credentials passed over a socket.
setpcap	Add capability from bounding set to inheritable set, drop capability from bounding set, modify secure bits.
linux_immutable	Grant privilege to modify S_IMMUTABLE and S_APPEND file attributes on supporting filesystems.
net_bind_service	Allow low port binding. Port < 1024 for TCP/UDP. VCI < 32 for ATM.
net_broadcast	Grant network broadcasting and listening to incoming multicasts.
net_admin	Allows all networking configurations and modifications. See linux/capability.h for details.
net_raw	Allows opening of raw sockets and packet sockets.
ipc_lock	Allow locking shared memory segments and mlock/mlockall.
ipc_owner	Override IPC ownership checks.
sys_module	Allow unrestricted kernel modification including but not limited to loading and removing kernel modules. Allows modification of kernels bounding capability mask. See sysctl.
sys_rawio	Grant permission to use ioperm(2) and iopl(2) as well as the ability to send messages to USB devices via /proc/bus/usb.
sys_chroot	Grant use of the chroot(2) call.
sys_ptrace	Allow a ptrace of any process.
sys_pacct	Allow modification of accounting for any process.
sys_admin	Too many to list here (see /usr/include/linux/capability.h)
sys_boot	Grant ability to reboot the system.
sys_nice	Grants privilege to change priority of any process. Grants change of scheduling algorithm used by any process.
sys_resource	Too many to list here (see /usr/include/linux/capability.h for details.)
sys_time	Grant permission to set system time and to set the real-time lock.
sys_tty_config	Grant permission to configure tty devices. Allow vhangup(2) call on a tty.
mknod	Grants permission to creation of character and block device nodes.
lease	Grants ability to take leases on a file. For details on what leases are see fcntl(2).
audit_write	Generate audit messages from user space.	2.6.12+
audit_control	Control kernel audit configuration/rules. Set login UID.	2.6.12+
setfcap	Set file capabilities.	2.6.25+

[edit] capability2

Permission	Description	Kernel Version/Capability
mac_override	Override MAC restrictions - Ignored by SELinux	2.6.25+
mac_admin	Change MAC configuration - For SELinux, get/set raw security context values unknown to the current policy.	2.6.25+
syslog	Configure kernel syslog subsystem
wake_alarm	Trigger something that will wake the system
block_suspend	Prevent system suspends

[edit] chr_file

Inherits from: common file

Permission	Description	Kernel Version/Capability
getattr	see common file:getattr
relabelto	see common file:relabelto
unlink	see common file:unlink
ioctl	see common file:ioctl
execute	see common file:execute
append	see common file:append
read	see common file:read
setattr	see common file:setattr
swapon	see common file:swapon
write	see common file:write
lock	see common file:lock
create	see common file:create
rename	see common file:rename
mounton	see common file:mounton
quotaon	see common file:quotaon
relabelfrom	see common file:relabelfrom
link	see common file:link
execute_no_trans	Execute a file in the callers domain.	2.6.11+
entrypoint	Can be executed as the entry point of the new domain in a transition.	2.6.11+
execmod	Make executable a file mapping that has been modified by copy-on-write. (Text relocation)	2.6.11+
open	Open a character device file.	2.6.26+ / open_perms

[edit] dccp_socket

Inherits from: common socket

Permission	Description	Kernel Version/Capability
append	see common socket:append	2.6.20+
relabelfrom	see common socket:relabelfrom	2.6.20+
create	see common socket:create	2.6.20+
read	see common socket:read	2.6.20+
sendto	see common socket:sendto	2.6.20+
connect	see common socket:connect	2.6.20+
recvfrom	see common socket:recvfrom	2.6.20+
send_msg	see common socket:send_msg	2.6.20+
bind	see common socket:bind	2.6.20+
lock	see common socket:lock	2.6.20+
ioctl	see common socket:ioctl	2.6.20+
getattr	see common socket:getattr	2.6.20+
write	see common socket:write	2.6.20+
setopt	see common socket:setopt	2.6.20+
getopt	see common socket:getopt	2.6.20+
listen	see common socket:listen	2.6.20+
setattr	see common socket:setattr	2.6.20+
shutdown	see common socket:shutdown	2.6.20+
relabelto	see common socket:relabelto	2.6.20+
recv_msg	see common socket:recv_msg	2.6.20+
accept	see common socket:accept	2.6.20+
name_bind	see common socket:name_bind	2.6.20+
connectto	Connect to server socket.	2.6.20+
newconn	Create new socket for connection.	2.6.20+
acceptfrom	Accept connection from client socket.	2.6.20+
node_bind	Ability to bind to a node.	2.6.20+
name_connect	Connect to a specific port number.	2.6.20+

[edit] dir

Inherits from: common file

Permission	Description	Kernel Version/Capability
getattr	see common file:getattr
relabelto	see common file:relabelto
unlink	N/A
ioctl	see common file:ioctl
execute	N/A
append	N/A
read	see common file:read
setattr	see common file:setattr
swapon	N/A
write	General write access; required for adding or removing
lock	see common file:lock
create	see common file:create
rename	see common file:rename
mounton	see common file:mounton
quotaon	N/A
relabelfrom	see common file:relabelfrom
link	N/A
search	Search access
rmdir	Remove the directory
remove_name	Remove a file from the directory.
reparent	Rename into a different parent directory (.. change).
add_name	Add a file to the directory.
open	Open a directory.	2.6.26+ / open_perms

[edit] fd

Permission	Description	Kernel Version/Capability
use	Permission to use an inherited file descriptor

[edit] fifo_file

Inherits from: common file

Permission	Description	Kernel Version/Capability
getattr	see common file:getattr
relabelto	see common file:relabelto
unlink	see common file:unlink
ioctl	see common file:ioctl
execute	see common file:execute
append	see common file:append
read	see common file:read
setattr	see common file:setattr
swapon	see common file:swapon
write	see common file:write
lock	see common file:lock
create	see common file:create
rename	see common file:rename
mounton	see common file:mounton
quotaon	see common file:quotaon
relabelfrom	see common file:relabelfrom
link	see common file:link
open	Open a FIFO.	2.6.26+ / open_perms

[edit] file

Inherits from: common file

Permission	Description	Kernel Version/Capability
getattr	see common file:getattr
relabelto	see common file:relabelto
unlink	see common file:unlink
ioctl	see common file:ioctl
execute	see common file:execute
append	see common file:append
read	see common file:read
setattr	see common file:setattr
swapon	see common file:swapon
write	see common file:write
lock	see common file:lock
create	see common file:create
rename	see common file:rename
mounton	see common file:mounton
quotaon	see common file:quotaon
relabelfrom	see common file:relabelfrom
link	see common file:link
execute_no_trans	Execute a file in the callers domain.
entrypoint	Can be executed as the entry point of the new domain in a transition.
execmod	Make executable a file mapping that has been modified by copy-on-write. (Text relocation)	2.6.11+
open	Open a file.	2.6.26+ / open_perms

[edit] filesystem

Permission	Description	Kernel Version/Capability
mount	Mount the filesystem.
remount	Change filesystem mount flags.
unmount	Unmount the filesystem.
getattr	Get file attributes, such as access mode. (e.g. stat, some ioctls. ...)
relabelfrom	Change the security context based on existing type.
relabelto	Change the security context based on the new type.
transition	Transition to a new SID (change security context).
associate	Associate a file to the filesystem.
quotamod	Modify quota information.
quotaget	Get quota information

[edit] ipc

Inherits from: common ipc

Permission	Description	Kernel Version/Capability
write	see common ipc:write
destroy	see common ipc:destroy
unix_write	see common ipc:unix_write
getattr	see common ipc:getattr
create	see common ipc:create
read	see common ipc:read
setattr	see common ipc:setattr
unix_read	see common ipc:unix_read
associate	see common ipc:associate

[edit] kernel_service

Permission	Description	Kernel Version/Capability
use_as_override	Grant a process the right to nominate an alternate process security ID for the kernel to use as an override for the SELinux subjective security when accessing stuff on behalf of another process.	2.6.29+
create_files_as	Grant a process the right to nominate a file creation label for a kernel service to use.	2.6.29+

[edit] key

Permission	Description	Kernel Version/Capability
view		2.6.18+
read		2.6.18+
write		2.6.18+
search		2.6.18+
link		2.6.18+
setattr		2.6.18+
create		2.6.18+

[edit] key_socket

Inherits from: common socket

Permission	Description	Kernel Version/Capability
append	see common socket:append
relabelfrom	see common socket:relabelfrom
create	see common socket:create
read	see common socket:read
sendto	see common socket:sendto
connect	see common socket:connect
recvfrom	see common socket:recvfrom
send_msg	see common socket:send_msg
bind	see common socket:bind
lock	see common socket:lock
ioctl	see common socket:ioctl
getattr	see common socket:getattr
write	see common socket:write
setopt	see common socket:setopt
getopt	see common socket:getopt
listen	see common socket:listen
setattr	see common socket:setattr
shutdown	see common socket:shutdown
relabelto	see common socket:relabelto
recv_msg	see common socket:recv_msg
accept	see common socket:accept
name_bind	see common socket:name_bind

[edit] lnk_file

Inherits from: common file

Permission	Description	Kernel Version/Capability
getattr	see common file:getattr
relabelto	see common file:relabelto
unlink	see common file:unlink
ioctl	see common file:ioctl
execute	see common file:execute
append	see common file:append
read	see common file:read
setattr	see common file:setattr
swapon	see common file:swapon
write	see common file:write
lock	see common file:lock
create	see common file:create
rename	see common file:rename
mounton	see common file:mounton
quotaon	see common file:quotaon
relabelfrom	see common file:relabelfrom
link	see common file:link

[edit] memprotect

Permission	Description	Kernel Version/Capability
mmap_zero	Mmap the first page of memory.	2.6.23+

[edit] msg

Permission	Description	Kernel Version/Capability
receive	Remove a message from a queue.
send	Add a message to a queue.

[edit] msgq

Inherits from: common ipc

Permission	Description	Kernel Version/Capability
write	see common ipc:write
destroy	see common ipc:destroy
unix_write	see common ipc:unix_write
getattr	see common ipc:getattr
create	see common ipc:create
read	see common ipc:read
setattr	see common ipc:setattr
unix_read	see common ipc:unix_read
associate	see common ipc:associate
enqueue	Message can be added to a queue.

[edit] netif

Permission	Description	Kernel Version/Capability
tcp_recv	Receive TCP packet.
tcp_send	Send TCP packet.
udp_recv	Receive UDP packet.
udp_send	Send UDP packet.
rawip_recv	Receive raw IP packet.
rawip_send	Send raw IP packet.
dccp_recv	Receive DCCP packet.	2.6.20+
dccp_send	Send DCCP packet.	2.6.20+
ingress		2.6.25+ / network_peer_controls
egress		2.6.25+ / network_peer_controls

[edit] netlink_socket

Inherits from: common socket

Permission	Description	Kernel Version/Capability
append	see common socket:append
relabelfrom	see common socket:relabelfrom
create	see common socket:create
read	see common socket:read
sendto	see common socket:sendto
connect	see common socket:connect
recvfrom	see common socket:recvfrom
send_msg	see common socket:send_msg
bind	see common socket:bind
lock	see common socket:lock
ioctl	see common socket:ioctl
getattr	see common socket:getattr
write	see common socket:write
setopt	see common socket:setopt
getopt	see common socket:getopt
listen	see common socket:listen
setattr	see common socket:setattr
shutdown	see common socket:shutdown
relabelto	see common socket:relabelto
recv_msg	see common socket:recv_msg
accept	see common socket:accept
name_bind	see common socket:name_bind

[edit] netlink_audit_socket

Inherits from: common socket

Permission	Description	Kernel Version/Capability
append	see common socket:append	2.6.8+
relabelfrom	see common socket:relabelfrom	2.6.8+
create	see common socket:create	2.6.8+
read	see common socket:read	2.6.8+
sendto	see common socket:sendto	2.6.8+
connect	see common socket:connect	2.6.8+
recvfrom	see common socket:recvfrom	2.6.8+
send_msg	see common socket:send_msg	2.6.8+
bind	see common socket:bind	2.6.8+
lock	see common socket:lock	2.6.8+
ioctl	see common socket:ioctl	2.6.8+
getattr	see common socket:getattr	2.6.8+
write	see common socket:write	2.6.8+
setopt	see common socket:setopt	2.6.8+
getopt	see common socket:getopt	2.6.8+
listen	see common socket:listen	2.6.8+
setattr	see common socket:setattr	2.6.8+
shutdown	see common socket:shutdown	2.6.8+
relabelto	see common socket:relabelto	2.6.8+
recv_msg	see common socket:recv_msg	2.6.8+
accept	see common socket:accept	2.6.8+
name_bind	see common socket:name_bind	2.6.8+
nlmsg_read	Read audit subsystem state (e.g. AUDIT_GET).	2.6.8+
nlmsg_write	Write audit subsystem state (e.g. AUDIT_SET).	2.6.8+
nlmsg_relay	Send user space audit messages to the kernel audit system.	2.6.12+
nlmsg_readpriv	Read security-sensitive audit subsystem state.	2.6.12+
nlmsg_tty_audit	Control TTY auditing	2.6.30+

[edit] netlink_dnrt_socket

Inherits from: common socket

Permission	Description	Kernel Version/Capability
append	see common socket:append	2.6.8+
relabelfrom	see common socket:relabelfrom	2.6.8+
create	see common socket:create	2.6.8+
read	see common socket:read	2.6.8+
sendto	see common socket:sendto	2.6.8+
connect	see common socket:connect	2.6.8+
recvfrom	see common socket:recvfrom	2.6.8+
send_msg	see common socket:send_msg	2.6.8+
bind	see common socket:bind	2.6.8+
lock	see common socket:lock	2.6.8+
ioctl	see common socket:ioctl	2.6.8+
getattr	see common socket:getattr	2.6.8+
write	see common socket:write	2.6.8+
setopt	see common socket:setopt	2.6.8+
getopt	see common socket:getopt	2.6.8+
listen	see common socket:listen	2.6.8+
setattr	see common socket:setattr	2.6.8+
shutdown	see common socket:shutdown	2.6.8+
relabelto	see common socket:relabelto	2.6.8+
recv_msg	see common socket:recv_msg	2.6.8+
accept	see common socket:accept	2.6.8+
name_bind	see common socket:name_bind	2.6.8+

[edit] netlink_firewall_socket

Inherits from: common socket

Permission	Description	Kernel Version/Capability
append	see common socket:append	2.6.8+
relabelfrom	see common socket:relabelfrom	2.6.8+
create	see common socket:create	2.6.8+
read	see common socket:read	2.6.8+
sendto	see common socket:sendto	2.6.8+
connect	see common socket:connect	2.6.8+
recvfrom	see common socket:recvfrom	2.6.8+
send_msg	see common socket:send_msg	2.6.8+
bind	see common socket:bind	2.6.8+
lock	see common socket:lock	2.6.8+
ioctl	see common socket:ioctl	2.6.8+
getattr	see common socket:getattr	2.6.8+
write	see common socket:write	2.6.8+
setopt	see common socket:setopt	2.6.8+
getopt	see common socket:getopt	2.6.8+
listen	see common socket:listen	2.6.8+
setattr	see common socket:setattr	2.6.8+
shutdown	see common socket:shutdown	2.6.8+
relabelto	see common socket:relabelto	2.6.8+
recv_msg	see common socket:recv_msg	2.6.8+
accept	see common socket:accept	2.6.8+
name_bind	see common socket:name_bind	2.6.8+
nlmsg_read	Read firewall configuration state.	2.6.8+
nlmsg_write	Write firewall configuration state.	2.6.8+

[edit] netlink_ip6fw_socket

Inherits from: common socket

Permission	Description	Kernel Version/Capability
append	see common socket:append	2.6.8+
relabelfrom	see common socket:relabelfrom	2.6.8+
create	see common socket:create	2.6.8+
read	see common socket:read	2.6.8+
sendto	see common socket:sendto	2.6.8+
connect	see common socket:connect	2.6.8+
recvfrom	see common socket:recvfrom	2.6.8+
send_msg	see common socket:send_msg	2.6.8+
bind	see common socket:bind	2.6.8+
lock	see common socket:lock	2.6.8+
ioctl	see common socket:ioctl	2.6.8+
getattr	see common socket:getattr	2.6.8+
write	see common socket:write	2.6.8+
setopt	see common socket:setopt	2.6.8+
getopt	see common socket:getopt	2.6.8+
listen	see common socket:listen	2.6.8+
setattr	see common socket:setattr	2.6.8+
shutdown	see common socket:shutdown	2.6.8+
relabelto	see common socket:relabelto	2.6.8+
recv_msg	see common socket:recv_msg	2.6.8+
accept	see common socket:accept	2.6.8+
name_bind	see common socket:name_bind	2.6.8+
nlmsg_read	Read netlink message.	2.6.8+
nlmsg_write	Write netlink message.	2.6.8+

[edit] netlink_kobject_uevent_socket

Inherits from: common socket

Permission	Description	Kernel Version/Capability
append	see common socket:append	2.6.12+
relabelfrom	see common socket:relabelfrom	2.6.12+
create	see common socket:create	2.6.12+
read	see common socket:read	2.6.12+
sendto	see common socket:sendto	2.6.12+
connect	see common socket:connect	2.6.12+
recvfrom	see common socket:recvfrom	2.6.12+
send_msg	see common socket:send_msg	2.6.12+
bind	see common socket:bind	2.6.12+
lock	see common socket:lock	2.6.12+
ioctl	see common socket:ioctl	2.6.12+
getattr	see common socket:getattr	2.6.12+
write	see common socket:write	2.6.12+
setopt	see common socket:setopt	2.6.12+
getopt	see common socket:getopt	2.6.12+
listen	see common socket:listen	2.6.12+
setattr	see common socket:setattr	2.6.12+
shutdown	see common socket:shutdown	2.6.12+
relabelto	see common socket:relabelto	2.6.12+
recv_msg	see common socket:recv_msg	2.6.12+
accept	see common socket:accept	2.6.12+
name_bind	see common socket:name_bind	2.6.12+

[edit] netlink_nflog_socket

Inherits from: common socket

Permission	Description	Kernel Version/Capability
append	see common socket:append	2.6.8+
relabelfrom	see common socket:relabelfrom	2.6.8+
create	see common socket:create	2.6.8+
read	see common socket:read	2.6.8+
sendto	see common socket:sendto	2.6.8+
connect	see common socket:connect	2.6.8+
recvfrom	see common socket:recvfrom	2.6.8+
send_msg	see common socket:send_msg	2.6.8+
bind	see common socket:bind	2.6.8+
lock	see common socket:lock	2.6.8+
ioctl	see common socket:ioctl	2.6.8+
getattr	see common socket:getattr	2.6.8+
write	see common socket:write	2.6.8+
setopt	see common socket:setopt	2.6.8+
getopt	see common socket:getopt	2.6.8+
listen	see common socket:listen	2.6.8+
setattr	see common socket:setattr	2.6.8+
shutdown	see common socket:shutdown	2.6.8+
relabelto	see common socket:relabelto	2.6.8+
recv_msg	see common socket:recv_msg	2.6.8+
accept	see common socket:accept	2.6.8+
name_bind	see common socket:name_bind	2.6.8+

[edit] netlink_route_socket

Inherits from: common socket

Permission	Description	Kernel Version/Capability
append	see common socket:append	2.6.8+
relabelfrom	see common socket:relabelfrom	2.6.8+
create	see common socket:create	2.6.8+
read	see common socket:read	2.6.8+
sendto	see common socket:sendto	2.6.8+
connect	see common socket:connect	2.6.8+
recvfrom	see common socket:recvfrom	2.6.8+
send_msg	see common socket:send_msg	2.6.8+
bind	see common socket:bind	2.6.8+
lock	see common socket:lock	2.6.8+
ioctl	see common socket:ioctl	2.6.8+
getattr	see common socket:getattr	2.6.8+
write	see common socket:write	2.6.8+
setopt	see common socket:setopt	2.6.8+
getopt	see common socket:getopt	2.6.8+
listen	see common socket:listen	2.6.8+
setattr	see common socket:setattr	2.6.8+
shutdown	see common socket:shutdown	2.6.8+
relabelto	see common socket:relabelto	2.6.8+
recv_msg	see common socket:recv_msg	2.6.8+
accept	see common socket:accept	2.6.8+
name_bind	see common socket:name_bind	2.6.8+
nlmsg_read	Read route configuration state.	2.6.8+
nlmsg_write	Write route configuration state.	2.6.8+

[edit] netlink_selinux_socket

Inherits from: common socket

Permission	Description	Kernel Version/Capability
append	see common socket:append	2.6.8+
relabelfrom	see common socket:relabelfrom	2.6.8+
create	see common socket:create	2.6.8+
read	see common socket:read	2.6.8+
sendto	see common socket:sendto	2.6.8+
connect	see common socket:connect	2.6.8+
recvfrom	see common socket:recvfrom	2.6.8+
send_msg	see common socket:send_msg	2.6.8+
bind	see common socket:bind	2.6.8+
lock	see common socket:lock	2.6.8+
ioctl	see common socket:ioctl	2.6.8+
getattr	see common socket:getattr	2.6.8+
write	see common socket:write	2.6.8+
setopt	see common socket:setopt	2.6.8+
getopt	see common socket:getopt	2.6.8+
listen	see common socket:listen	2.6.8+
setattr	see common socket:setattr	2.6.8+
shutdown	see common socket:shutdown	2.6.8+
relabelto	see common socket:relabelto	2.6.8+
recv_msg	see common socket:recv_msg	2.6.8+
accept	see common socket:accept	2.6.8+
name_bind	see common socket:name_bind	2.6.8+

[edit] netlink_tcpdiag_socket

Inherits from: common socket

Permission	Description	Kernel Version/Capability
append	see common socket:append	2.6.8+
relabelfrom	see common socket:relabelfrom	2.6.8+
create	see common socket:create	2.6.8+
read	see common socket:read	2.6.8+
sendto	see common socket:sendto	2.6.8+
connect	see common socket:connect	2.6.8+
recvfrom	see common socket:recvfrom	2.6.8+
send_msg	see common socket:send_msg	2.6.8+
bind	see common socket:bind	2.6.8+
lock	see common socket:lock	2.6.8+
ioctl	see common socket:ioctl	2.6.8+
getattr	see common socket:getattr	2.6.8+
write	see common socket:write	2.6.8+
setopt	see common socket:setopt	2.6.8+
getopt	see common socket:getopt	2.6.8+
listen	see common socket:listen	2.6.8+
setattr	see common socket:setattr	2.6.8+
shutdown	see common socket:shutdown	2.6.8+
relabelto	see common socket:relabelto	2.6.8+
recv_msg	see common socket:recv_msg	2.6.8+
accept	see common socket:accept	2.6.8+
name_bind	see common socket:name_bind	2.6.8+
nlmsg_read	Read tcp diagnostics.	2.6.8+
nlmsg_write	Unused.	2.6.8+

[edit] netlink_xfrm_socket

Inherits from: common socket

Permission	Description	Kernel Version/Capability
append	see common socket:append	2.6.8+
relabelfrom	see common socket:relabelfrom	2.6.8+
create	see common socket:create	2.6.8+
read	see common socket:read	2.6.8+
sendto	see common socket:sendto	2.6.8+
connect	see common socket:connect	2.6.8+
recvfrom	see common socket:recvfrom	2.6.8+
send_msg	see common socket:send_msg	2.6.8+
bind	see common socket:bind	2.6.8+
lock	see common socket:lock	2.6.8+
ioctl	see common socket:ioctl	2.6.8+
getattr	see common socket:getattr	2.6.8+
write	see common socket:write	2.6.8+
setopt	see common socket:setopt	2.6.8+
getopt	see common socket:getopt	2.6.8+
listen	see common socket:listen	2.6.8+
setattr	see common socket:setattr	2.6.8+
shutdown	see common socket:shutdown	2.6.8+
relabelto	see common socket:relabelto	2.6.8+
recv_msg	see common socket:recv_msg	2.6.8+
accept	see common socket:accept	2.6.8+
name_bind	see common socket:name_bind	2.6.8+
nlmsg_read	Read xfrm configuration state.	2.6.8+
nlmsg_write	Write xfrm configuration state.	2.6.8+

[edit] node

Permission	Description	Kernel Version/Capability
tcp_recv	Receive TCP packet.
tcp_send	Send TCP packet.
udp_recv	Receive UDP packet.
udp_send	Send UDP packet.
rawip_recv	Receive raw IP packet.
rawip_send	Send raw IP packet.
enforce_dest	Ensure that the destination node can enforce restrictions on the destination socket.
dccp_recv	Receive DCCP packet.	2.6.20+
dccp_send	Send DCCP packet.	2.6.20+
recvfrom		2.6.25+ / network_peer_controls
sendto		2.6.25+ / network_peer_controls

[edit] packet

Permission	Description	Kernel Version/Capability
send	Send a packet.	2.6.18+
receive	Receive a packet.	2.6.18+
relabelto	Set a labeling rule to the specified type.	2.6.18+
flow_in	Deprecated	2.6.25+
flow_out	Deprecated	2.6.25+
forward_in		2.6.25+
forward_out		2.6.25+

[edit] packet_socket

Inherits from: common socket

Permission	Description	Kernel Version/Capability
append	see common socket:append
relabelfrom	see common socket:relabelfrom
create	see common socket:create
read	see common socket:read
sendto	see common socket:sendto
connect	see common socket:connect
recvfrom	see common socket:recvfrom
send_msg	see common socket:send_msg
bind	see common socket:bind
lock	see common socket:lock
ioctl	see common socket:ioctl
getattr	see common socket:getattr
write	see common socket:write
setopt	see common socket:setopt
getopt	see common socket:getopt
listen	see common socket:listen
setattr	see common socket:setattr
shutdown	see common socket:shutdown
relabelto	see common socket:relabelto
recv_msg	see common socket:recv_msg
accept	see common socket:accept
name_bind	see common socket:name_bind

[edit] peer

Permission	Description	Kernel Version/Capability
recv	Receive from a labeled networking peer.	2.6.25+ / network_peer_controls

[edit] process

Permission	Description	Kernel Version/Capability
fork	Fork into two processes.
transition	Transition to a new context on exec().
sigchld	Send SIGCHLD signal.
sigkill	Send SIGKILL signal.
sigstop	Send SIGSTOP signal
signull	Test for exisitence of another process without sending a signal
signal	Send a signal other than SIGKILL, SIGSTOP, or SIGCHLD.
ptrace	Attach to another process for tracing.
getsched	Get priority of a process.
setsched	Set priority of a process.
getsession	Get session ID of another process.
getpgid	Get group Process ID of a process.
setpgid	Set group Process ID of a process.
getcap	Get Linux capabilities.
setcap	Set Linux capabilities.
share	Allow state sharing with cloned or forked process.
getattr	Get attributes of a file.
setexec	Override the default context for the next exec().
setfscreate	Override the default context for file creation.
setrlimit	Change process hard limits.
noatsecure	Disable secure mode environment cleansing (AT_SECURE).	v.16+
siginh	Inherit signal state from caller.	v.16+
rlimitinh	Inherit resource limits from caller.	v.16+
dyntransition	Dynamically transition to a new context.	2.6.11+
setcurrent	Set the current process context.	2.6.11+
execmem	Make executable an anonymous mapping or private file mapping that is writable.	2.6.13+
execstack	Make the main process stack executable.	2.6.13+
execheap	Make the heap executable.	2.6.13+
setkeycreate	Override the default context for key creation.	2.6.18+
setsockcreate	Override the default context for socket creation.	2.6.18+

[edit] rawip_socket

Inherits from: common socket

Permission	Description	Kernel Version/Capability
append	see common socket:append
relabelfrom	see common socket:relabelfrom
create	see common socket:create
read	see common socket:read
sendto	see common socket:sendto
connect	see common socket:connect
recvfrom	see common socket:recvfrom
send_msg	see common socket:send_msg
bind	see common socket:bind
lock	see common socket:lock
ioctl	see common socket:ioctl
getattr	see common socket:getattr
write	see common socket:write
setopt	see common socket:setopt
getopt	see common socket:getopt
listen	see common socket:listen
setattr	see common socket:setattr
shutdown	see common socket:shutdown
relabelto	see common socket:relabelto
recv_msg	see common socket:recv_msg
accept	see common socket:accept
name_bind	see common socket:name_bind
node_bind	Ability to bind to a node.	v.17+

[edit] security

Permission	Description	Kernel Version/Capability
compute_user	Get user info in selinuxfs.
compute_relabel	Get relabel info in selinuxfs.
compute_create	Get create info in selinuxfs.
compute_av	Compute an access vector given a source/target/class.
compute_member	Determines the context to use when selecting a member of a polyinstantiated object.
setenforce	Change the enforcement state of SELinux.
check_context	Write context in selinuxfs.
load_policy	Load the security policy.
setbool	Set a boolean value.	2.6.5+
setsecparam	Set kernel access vector cache tuning parameters.	2.6.11+
setcheckreqprot	Set if SELinux will check original protection mode or modified protection mode (read-implies-exec) for mmap/mprotect.	2.6.12+

[edit] sem

Inherits from: common ipc

Permission	Description	Kernel Version/Capability
write	see common ipc:write
destroy	see common ipc:destroy
unix_write	see common ipc:unix_write
getattr	see common ipc:getattr
create	see common ipc:create
read	see common ipc:read
setattr	see common ipc:setattr
unix_read	see common ipc:unix_read
associate	see common ipc:associate

[edit] shm

Inherits from: common ipc

Permission	Description	Kernel Version/Capability
write	see common ipc:write
destroy	see common ipc:destroy
unix_write	see common ipc:unix_write
getattr	see common ipc:getattr
create	see common ipc:create
read	see common ipc:read
setattr	see common ipc:setattr
unix_read	see common ipc:unix_read
associate	see common ipc:associate
lock	(Un)lock page(s) in memory.

[edit] sock_file

Inherits from: common file

Permission	Description	Kernel Version/Capability
getattr	see common file:getattr
relabelto	see common file:relabelto
unlink	see common file:unlink
ioctl	see common file:ioctl
execute	see common file:execute
append	see common file:append
read	see common file:read
setattr	see common file:setattr
swapon	see common file:swapon
write	see common file:write
lock	see common file:lock
create	see common file:create
rename	see common file:rename
mounton	see common file:mounton
quotaon	see common file:quotaon
relabelfrom	see common file:relabelfrom
link	see common file:link
open	Open a named socket file.	2.6.26+ / open_perms

[edit] socket

Inherits from: common socket

Permission	Description	Kernel Version/Capability
append	see common socket:append
relabelfrom	see common socket:relabelfrom
create	see common socket:create
read	see common socket:read
sendto	see common socket:sendto
connect	see common socket:connect
recvfrom	see common socket:recvfrom
send_msg	see common socket:send_msg
bind	see common socket:bind
lock	see common socket:lock
ioctl	see common socket:ioctl
getattr	see common socket:getattr
write	see common socket:write
setopt	see common socket:setopt
getopt	see common socket:getopt
listen	see common socket:listen
setattr	see common socket:setattr
shutdown	see common socket:shutdown
relabelto	see common socket:relabelto
recv_msg	see common socket:recv_msg
accept	see common socket:accept
name_bind	see common socket:name_bind

[edit] system

Permission	Description	Kernel Version/Capability
ipc_info	Get info for an ipc socket.
syslog_mod	Perform syslog operation other than syslog_read or console logging.
syslog_read	Perform syslog read.
syslog_console	Perform syslog console.

[edit] tcp_socket

Inherits from: common socket

Permission	Description	Kernel Version/Capability
append	see common socket:append
relabelfrom	see common socket:relabelfrom
create	see common socket:create
read	see common socket:read
sendto	see common socket:sendto
connect	see common socket:connect
recvfrom	see common socket:recvfrom
send_msg	see common socket:send_msg
bind	see common socket:bind
lock	see common socket:lock
ioctl	see common socket:ioctl
getattr	see common socket:getattr
write	see common socket:write
setopt	see common socket:setopt
getopt	see common socket:getopt
listen	see common socket:listen
setattr	see common socket:setattr
shutdown	see common socket:shutdown
relabelto	see common socket:relabelto
recv_msg	see common socket:recv_msg
accept	see common socket:accept
name_bind	see common socket:name_bind
connectto	Connect to server socket.
newconn	Create new socket for connection.
acceptfrom	Accept connection from client socket.
node_bind	Ability to bind to a node.	2.6.2+
name_connect	Connect to a specific port number.	2.6.12+

[edit] tun_socket

Inherits from: common socket

Permission	Description	Kernel Version/Capability
append	see common socket:append	2.6.32+
relabelfrom	see common socket:relabelfrom	2.6.32+
create	see common socket:create	2.6.32+
read	see common socket:read	2.6.32+
sendto	see common socket:sendto	2.6.32+
connect	see common socket:connect	2.6.32+
recvfrom	see common socket:recvfrom	2.6.32+
send_msg	see common socket:send_msg	2.6.32+
bind	see common socket:bind	2.6.32+
lock	see common socket:lock	2.6.32+
ioctl	see common socket:ioctl	2.6.32+
getattr	see common socket:getattr	2.6.32+
write	see common socket:write	2.6.32+
setopt	see common socket:setopt	2.6.32+
getopt	see common socket:getopt	2.6.32+
listen	see common socket:listen	2.6.32+
setattr	see common socket:setattr	2.6.32+
shutdown	see common socket:shutdown	2.6.32+
relabelto	see common socket:relabelto	2.6.32+
recv_msg	see common socket:recv_msg	2.6.32+
accept	see common socket:accept	2.6.32+
name_bind	see common socket:name_bind	2.6.32+

[edit] udp_socket

Inherits from: common socket

Permission	Description	Kernel Version/Capability
append	see common socket:append
relabelfrom	see common socket:relabelfrom
create	see common socket:create
read	see common socket:read
sendto	see common socket:sendto
connect	see common socket:connect
recvfrom	see common socket:recvfrom
send_msg	see common socket:send_msg
bind	see common socket:bind
lock	see common socket:lock
ioctl	see common socket:ioctl
getattr	see common socket:getattr
write	see common socket:write
setopt	see common socket:setopt
getopt	see common socket:getopt
listen	see common socket:listen
setattr	see common socket:setattr
shutdown	see common socket:shutdown
relabelto	see common socket:relabelto
recv_msg	see common socket:recv_msg
accept	see common socket:accept
name_bind	see common socket:name_bind
node_bind	Ability to bind to a node.	2.6.2+

[edit] unix_dgram_socket

Inherits from: common socket

Permission	Description	Kernel Version/Capability
append	see common socket:append
relabelfrom	see common socket:relabelfrom
create	see common socket:create
read	see common socket:read
sendto	see common socket:sendto
connect	see common socket:connect
recvfrom	see common socket:recvfrom
send_msg	see common socket:send_msg
bind	see common socket:bind
lock	see common socket:lock
ioctl	see common socket:ioctl
getattr	see common socket:getattr
write	see common socket:write
setopt	see common socket:setopt
getopt	see common socket:getopt
listen	see common socket:listen
setattr	see common socket:setattr
shutdown	see common socket:shutdown
relabelto	see common socket:relabelto
recv_msg	see common socket:recv_msg
accept	see common socket:accept
name_bind	see common socket:name_bind

[edit] unix_stream_socket

Inherits from: common socket

Permission	Description	Kernel Version/Capability
append	see common socket:append
relabelfrom	see common socket:relabelfrom
create	see common socket:create
read	see common socket:read
sendto	see common socket:sendto
connect	see common socket:connect
recvfrom	see common socket:recvfrom
send_msg	see common socket:send_msg
bind	see common socket:bind
lock	see common socket:lock
ioctl	see common socket:ioctl
getattr	see common socket:getattr
write	see common socket:write
setopt	see common socket:setopt
getopt	see common socket:getopt
listen	see common socket:listen
setattr	see common socket:setattr
shutdown	see common socket:shutdown
relabelto	see common socket:relabelto
recv_msg	see common socket:recv_msg
accept	see common socket:accept
name_bind	see common socket:name_bind
connectto	Connect to server socket.
newconn	Create new socket for connection.
acceptfrom	Accept connection from client socket.

[edit] Database Object Classes

[edit] db_blob

Inherits from: common database

Permission	Description
read	Read a blob.
write	Write a blob.
import	Import a blob.
export	Export a blob.

[edit] db_column

Inherits from: common database

Permission	Description
use	Deprecated
select
update
insert

[edit] db_database

Inherits from: common database

Permission	Description
access
install_module
load_module
get_param	Deprecated
set_param	Deprecated

[edit] db_procedure

Inherits from: common database

Permission	Description
execute	Execute a stored procedure.
entrypoint
install

[edit] db_table

Inherits from: common database

Permission	Description
use	Deprecated
select
update
insert
delete
lock

[edit] db_tuple

Permission	Description
relabelfrom
relabelto
use	Deprecated
select
update
insert
delete

[edit] DBus Object Classes

[edit] dbus

Permission	Description
acquire_svc
send_msg	Send a message on the bus.

[edit] MLS Context Translation Object Classes

[edit] context

Permission	Description
translate	Translate a raw MLS label.
contains	Calculate a MLS subset.

[edit] NSCD Object Classes

[edit] nscd

Permission	Description
getpwd
getgrp
gethost
getstat
admin
shmempwd
shmemgrp
shmemhost
getserv
shmemserv

[edit] Password Object Classes

[edit] passwd

Permission	Description
passwd	Update user password.
chfn	Change finger information. e.g real name, work room and phone and home phone.
chsh	Change login shell.
rootok	Allow update if the user is root and the process has the rootok PAM permission.
crontab	crontab on another user.

[edit] X Server Object Classes

[edit] x_application_data

Permission	Description
paste
paste_after_confirm
copy

[edit] x_client

Permission	Description
destroy	Close down a client.
getattr	Get the attributes of an X client
setattr	Set the attributes of an X client
manage

[edit] x_colormap

Permission	Description
create	Create a new Colormap.
destroy	Free a Colormap.
read	Read color cells of colormap.
write
getattr	Get the color gamut of a screen.
add_color
remove_color
install	Copy a virtual colormap into the display hardware.
uninstall	Remove a virtual colormap from the display hardware.
use

[edit] x_cursor

Permission	Description
create	Create an arbitrary cursor object.
destroy	Delete a cursor object.
read
write
getattr	Get attributes of the cursor.
setattr	Set attributes of the cursor.
use	Associate a cursor object with a window.

[edit] x_device

Inherits from: common x_device

Permission	Description
getattr	see common x_device: getattr
setattr	see common x_device: setattr
use	see common x_device: use
read	see common x_device: read
write	see common x_device: write
getfocus	see common x_device: getfocus
setfocus	see common x_device: setfocus
bell	see common x_device: bell
force_cursor	see common x_device: force_cursor
freeze	see common x_device: freeze
grab	see common x_device: grab
manage	see common x_device: manage
list_property	see common x_device: list_property
get_property	see common x_device: get_property
set_property	see common x_device: set_property
add	see common x_device: add
remove	see common x_device: remove

[edit] x_drawable

Permission	Description
create	Create a Drawable object.
destroy	Destroy a Drawable.
read
write
blend
getattr	Get attributes of a Drawable object
setattr	Set attributes of a Drawable object
list_child
add_child
remove_child
list_property
get_property
set_property
manage
override
show
hide
send
receive

[edit] x_event

Permission	Description
send
receive

[edit] x_extension

Permission	Description
query
use

[edit] x_font

Permission	Description
create	Load a font.
destroy	Free (dereference) a font.
getattr	Obtain font names, path, etc.
add_glyph
remove_glyph
use	Use a font for drawing.

[edit] x_gc

Permission	Description
create	Create Graphic Contexts object.
destroy	Free (dereference) a Graphics Contexts object.
getattr	Get attributes for Graphic Contexts object.
setattr	Set attributes for Graphic Contexts object.
use

[edit] x_keyboard

Inherits from: common x_device

Permission	Description
getattr	see common x_device: getattr
setattr	see common x_device: setattr
use	see common x_device: use
read	see common x_device: read
write	see common x_device: write
getfocus	see common x_device: getfocus
setfocus	see common x_device: setfocus
bell	see common x_device: bell
force_cursor	see common x_device: force_cursor
freeze	see common x_device: freeze
grab	see common x_device: grab
manage	see common x_device: manage
list_property	see common x_device: list_property
get_property	see common x_device: get_property
set_property	see common x_device: set_property
add	see common x_device: add
remove	see common x_device: remove

[edit] x_pointer

Inherits from: common x_device

Permission	Description
getattr	see common x_device: getattr
setattr	see common x_device: setattr
use	see common x_device: use
read	see common x_device: read
write	see common x_device: write
getfocus	see common x_device: getfocus
setfocus	see common x_device: setfocus
bell	see common x_device: bell
force_cursor	see common x_device: force_cursor
freeze	see common x_device: freeze
grab	see common x_device: grab
manage	see common x_device: manage
list_property	see common x_device: list_property
get_property	see common x_device: get_property
set_property	see common x_device: set_property
add	see common x_device: add
remove	see common x_device: remove

[edit] x_property

Permission	Description
create	Create property object.
destroy	Free (dereference) a property object.
read	Read a property.
write	Write a property.
append	Append a property.
getattr	Get the attributes of a property.
setattr	Set the attributes of a property.

[edit] x_resource

Permission	Description
read
write

[edit] x_screen

Permission	Description
getattr
setattr
hide_cursor
show_cursor
saver_getattr
saver_setattr
saver_hide
saver_show

[edit] x_selection

Permission	Description
read
write
getattr
setattr

[edit] x_server

Permission	Description
getattr
setattr
record
debug
grab
manage

[edit] x_synthetic_event

Permission	Description
send
receive

Retrieved from "http://selinuxproject.org/page/ObjectClassesPerms"

 ! Description
 |-
-||create||Create a new database object.||
+||create||Create a new database object.
 |-
-||drop||Remove a database object.||
+||drop||Remove a database object.
 |-
-||getattr||Get the attributes of a database object.||
+||getattr||Get the attributes of a database object.
 |-
-||setattr||Set the attributes of a database object.||
+||setattr||Set the attributes of a database object.
 |-
-||relabelfrom||Change the security context based on existing type.||
+||relabelfrom||Change the security context based on existing type.
 |-
-||relabelto||Change the security context based on the new type.||
+||relabelto||Change the security context based on the new type.
 |}
 ! Description
 |-
-||getattr||Get file attributes for block file, such as access mode. (e.g. stat, some ioctls. ...)||
+||getattr||Get file attributes for file, such as access mode. (e.g. stat, some ioctls. ...)
 |-
-||relabelto||Change the security context based on the new type.||
+||relabelto||Relabel to new security context.
 |-
-||unlink||Remove hard link (delete).||
+||unlink||Remove hard link (delete).
 |-
-||ioctl||IO control system call requests not addressed by other permissions.||
+||ioctl||IO control system call requests not addressed by other permissions.
 |-
-||execute||Execute||
+||execute||Execute
 |-
-||append||Append file contents. i.e opened with O_APPEND flag.||
+||append||Write to a file opened with O_APPEND.
 |-
-||read||Read file contents.||
+||read||Read file contents.
 |-
-||setattr||Change file attributes for block file such as access mode. (e.g. chmod, some ioctls, ...)||
+||setattr||Change file attributes for file such as access mode. (e.g. chmod, some ioctls, ...)
 |-
-||swapon||Allows file to be used for paging/swapping space.||
+||swapon||Allows file to be used for paging/swapping space.
 |-
-||write||Write or append file contents.||
+||write||Write to a file.
 |-
-||lock||Set and unset block file locks.||
+||lock||Set and unset file locks.
 |-
-||create||Create new block file.||
+||create||Create new file.
 |-
-||rename||Rename a hard link.||
+||rename||Rename a file.
 |-
-||mounton||Use as mount point; only useful for directories and files in Linux.||
+||mounton||Use as mount point; only useful for directories and files in Linux.
 |-
-||quotaon||Enabling quotas.||
+||quotaon||Use as a quota file.
 |-
-||relabelfrom||Change the security context based on existing type.||
+||relabelfrom||Relabel from old security context.
 |-
-||link||Create hard link to block files||
+||link||Create another hard link to file
 |}
 ! Description
 |-
-||write||Write or append.||
+||write||Write.
 |-
-||destroy||Destroy.||
+||destroy||Destroy.
 |-
-||unix_write||Write or append; required by IPC operations.||
+||unix_write||Generic write access.
 |-
-||getattr||Get file attributes, such as access mode. (e.g. stat, some ioctls. ...)||
+||getattr||Get attributes, e.g. IPC_STAT *ctl operation.
 |-
-||create||Create.||
+||create||Create.
 |-
-||read||Read.||
+||read||Read
 |-
-||setattr||Change file attributes for shared memory segment such as access mode. (e.g. chmod, some ioctls, ...)||
+||setattr||Change attributes, e.g. IPC_SET.
 |-
-||unix_read||Read; required by IPC operations.||
+||unix_read||Generic read access.
 |-
-||associate||Associate a key||
+||associate||Associate a key
 |}
 ! Description
 |-
-||append||Write or append socket file contents.||
+||append||Write to open fd marked with O_APPEND.
 |-
-||relabelfrom||Change the security context based on existing type.||
+||relabelfrom||Change the security context based on existing type.
 |-
-||create||Create new socket file.||
+||create||Create new socket.
 |-
-||read||Read socket file contents.||
+||read||Read from socket.
 |-
-||sendto||Send datagrams to socket.||
+||sendto||Send to socket.
 |-
-||connect||Initiate connection.||
+||connect||Initiate connection.
 |-
-||recvfrom||Receive datagrams from socket.||
+||recvfrom||Legacy NetLabel check; obsoleted by peer recv
 |-
-||send_msg||Send datagram message; implicitly granted if the message SID is equal to the sending socket SID.||
+||send_msg||Legacy check; no longer present.
 |-
-||bind||Bind name.||
+||bind||Bind a name to the socket.
 |-
-||lock||Set and unset socket file locks||
+||lock||Apply file lock on a socket.
 |-
-||ioctl||IO control system call requests not addressed by other permissions.||
+||ioctl||IO control system call requests not addressed by other permissions.
 |-
-||getattr||Get file attributes for socket file, such as access mode. (e.g. stat, some ioctls. ...)||
+||getattr||Get socket attributes, e.g. fstat.
 |-
-||write||Write or append socket file contents.||
+||write||Write to socket.
 |-
-||setopt||Set socket options.||
+||setopt||Set socket options.
 |-
-||getopt||Get socket options.||
+||getopt||Get socket options.
 |-
-||listen||Listen for connections.||
+||listen||Listen for connections.
 |-
-||setattr||Change file attributes for file such as access mode. (e.g. chmod, some ioctls)||
+||setattr||Change socket attributes.
 |-
-||shutdown||Shutdown connection.||
+||shutdown||Shutdown connection.
 |-
-||relabelto||Change the security context based on the new type.||
+||relabelto||Change the security context based on the new type.
 |-
-||recv_msg||Receive datagram message; implicitly granted if the message SID is equal to the sending socket SID.||
+||recv_msg||Obsolete.
 |-
-||accept||Accept a connection.||
+||accept||Accept a connection.
 |-
-||name_bind||Use port or file; for AF_INET sockets, controls relationship between a socket and it's port number; for AF_UNIX sockets, controls relationship between a socket and it's file||
+||name_bind||Associate with port or file; for AF_INET sockets, controls relationship between a socket and it's port number; for AF_UNIX sockets, controls relationship between a socket and it's file
+|}
+=== common x_device ===
+{| border="1"
+! Permission
+! Description
+|-
+||getattr
+|-
+||setattr
+|-
+||use
+|-
+||read
+|-
+||write
+|-
+||getfocus
+|-
+||setfocus
+|-
+||bell
+|-
+||force_cursor
+|-
+||freeze
+|-
+||grab
+|-
+||manage
+|-
+||list_property
+|-
+||get_property
+|-
+||set_property
+|-
+||add
+|-
+||remove
 |}
 == Kernel Object Classes ==
 === appletalk_socket ===
-Inherits from: [#commonsocket common socket]
+Inherits from: [[#common socket|common socket]]
 {| border="1"
 ! Permission
 ! Kernel Version/Capability
 |-
-||append||see common socket:append||2.6.18+||
+||append||see common socket:append||2.6.18+
 |-
-||relabelfrom||see common socket:relabelfrom||2.6.18+||
+||relabelfrom||see common socket:relabelfrom||2.6.18+
 |-
-||create||see common socket:create||2.6.18+||
+||create||see common socket:create||2.6.18+
 |-
-||read||see common socket:read||2.6.18+||
+||read||see common socket:read||2.6.18+
 |-
-||sendto||see common socket:sendto||2.6.18+||
+||sendto||see common socket:sendto||2.6.18+
 |-
-||connect||see common socket:connect||2.6.18+||
+||connect||see common socket:connect||2.6.18+
 |-
-||recvfrom||see common socket:recvfrom||2.6.18+||
+||recvfrom||see common socket:recvfrom||2.6.18+
 |-
-||send_msg||see	common socket:send_msg||2.6.18+||
+||send_msg||see	common socket:send_msg||2.6.18+
 |-
-||bind||see common socket:bind||2.6.18+||
+||bind||see common socket:bind||2.6.18+
 |-
-||lock||see common socket:lock||2.6.18+||
+||lock||see common socket:lock||2.6.18+
 |-
-||ioctl||see common socket:ioctl||2.6.18+||
+||ioctl||see common socket:ioctl||2.6.18+
 |-
-||getattr||see common socket:getattr||2.6.18+||
+||getattr||see common socket:getattr||2.6.18+
 |-
-||write||see common socket:write||2.6.18+||
+||write||see common socket:write||2.6.18+
 |-
-||setopt||see common socket:setopt||2.6.18+||
+||setopt||see common socket:setopt||2.6.18+
 |-
-||getopt||see common socket:getopt||2.6.18+||
+||getopt||see common socket:getopt||2.6.18+
 |-
-||listen||see common socket:listen||2.6.18+||
+||listen||see common socket:listen||2.6.18+
 |-
-||setattr||see common socket:setattr||2.6.18+||
+||setattr||see common socket:setattr||2.6.18+
 |-
-||shutdown||see common socket:shutdown||2.6.18+||
+||shutdown||see common socket:shutdown||2.6.18+
 |-
-||relabelto||see common socket:relabelto||2.6.18+||
+||relabelto||see common socket:relabelto||2.6.18+
 |-
-||recv_msg||see common socket:recv_msg||2.6.18+||
+||recv_msg||see common socket:recv_msg||2.6.18+
 |-
-||accept||see common socket:accept||2.6.18+||
+||accept||see common socket:accept||2.6.18+
 |-
-||name_bind||see common socket:name_bind||2.6.18+||
+||name_bind||see common socket:name_bind||2.6.18+
 |}
 ! Kernel Version/Capability
 |-
-||sendto||Send to an IPSEC assocation.||2.6.12+||
+||sendto||Send to an IPSEC assocation.||2.6.12+
 |-
-||recvfrom||Receive from an IPSEC association.||2.6.12+||
+||recvfrom||Receive from an IPSEC association.||2.6.12+
 |-
-||setcontext||Set the context of an IPSEC association on creation.||2.6.16+||
+||setcontext||Set the context of an IPSEC association on creation.||2.6.16+
 |-
-||polmatch||Match an IPSEC policy entry||2.6.19+||
+||polmatch||Match an IPSEC policy entry||2.6.19+
 |}
 === blk_file ===
-Inherits from: [#commonfile common file]
+Inherits from: [[#common file|common file]]
 {| border="1"
 ! Permission
 ! Kernel Version/Capability
 |-
-||getattr||see common file:getattr||
+||getattr||see common file:getattr
 |-
-||relabelto||see common file:relabelto||
+||relabelto||see common file:relabelto
 |-
-||unlink||see common file:unlink||
+||unlink||see common file:unlink
 |-
-||ioctl||see common file:ioctl||
+||ioctl||see common file:ioctl
 |-
-||execute||see common file:execute||
+||execute||see common file:execute
 |-
-||append||see common file:append||
+||append||see common file:append
 |-
-||read||see common file:read||
+||read||see common file:read
 |-
-||setattr||see common file:setattr||
+||setattr||see common file:setattr
 |-
-||swapon||see common file:swapon||
+||swapon||see common file:swapon
 |-
-||write||see common file:write||
+||write||see common file:write
 |-
-||lock||see common file:lock||
+||lock||see common file:lock
 |-
-||create||see common file:create||
+||create||see common file:create
 |-
-||rename||see common file:rename||
+||rename||see common file:rename
 |-
-||mounton||see common file:mounton||
+||mounton||see common file:mounton
 |-
-||quotaon||see common file:quotaon||
+||quotaon||see common file:quotaon
 |-
-||relabelfrom||see common file:relabelfrom||
+||relabelfrom||see common file:relabelfrom
 |-
-||link||see common file:link||
+||link||see common file:link
 |-
-||open||Open a block device file.||2.6.26+ / open_perms||
+||open||Open a block device file.||2.6.26+ / open_perms
 |}
 ! Kernel Version/Capability
 |-
-||chown||Allow changing file ownership and group ownership.||
+||chown||Override restrictions on changing file ownership and group ownership.
 |-
-||dac_override||Overrides all discretionary access control including ACL execute access if applicable. This does not include the access covered by LINUX_IMMUTABLE.||
+||dac_override||Override all DAC access restrictions. Checked before dac_read_search, so a dontaudit candidate.
 |-
-||dac_read_search||Overrides all discretionary access control for reading and searching directories.||
+||dac_read_search||Override DAC read/search access restrictions.
 |-
-||fowner||Grant all file operations otherwise restricted due to different ownership except where FSETID capability is applicable. DAC and MAC accesses are not overridden.||
+||fowner||Override all file owner requirements (e.g. for chmod, setxattr) except where fsetid applies.
 |-
-||fsetid||Overrides the restriction that the real or effective user ID of a process sending a signal must match the real or effective user ID of the process receiving the signal.||
+||fsetid||Override file owner and group requirements when setting setuid or setgid bits on a file.  Can be checked as a side effect on chmod and write operations; dontaudit candidate.
 |-
-||kill||Allow signal raising for any process.||
+||kill||Overrides the restriction that the real or effective user ID of a process sending a signal must match the real or effective user ID of the process receiving the signal.
 |-
-||setgid||Allow setgid(2) allow setgroups(2) allow fake gids on credentials passed over a socket.||
+||setgid||Allow setgid(2) or setgroups(2) or forged gids on credentials passed over a socket.
 |-
-||setuid||Allow all setsuid(2) type calls including fsuid. Allow passing of forged pids on credentials passed over a socket.||
+||setuid||Allow set*uid(2). Allow passing of forged ids on credentials passed over a socket.
 |-
-||setpcap||Transfer capability maps from current process to any process.||
+||setpcap||Add capability from bounding set to inheritable set, drop capability from bounding set, modify secure bits.
 |-
-||linux_immutable||Grant privilege to modify S_IMMUTABLE and S_APPEND file attributes on supporting filesystems.||
+||linux_immutable||Grant privilege to modify S_IMMUTABLE and S_APPEND file attributes on supporting filesystems.
 |-
-||net_bind_service||Allow low port binding. Port < 1024 for TCP/UDP. VCI < 32 for ATM.||
+||net_bind_service||Allow low port binding. Port < 1024 for TCP/UDP. VCI < 32 for ATM.
 |-
-||net_broadcast||Grant network broadcasting and listening to incoming multicasts.||
+||net_broadcast||Grant network broadcasting and listening to incoming multicasts.
 |-
-||net_admin||Allows all networking configurations and modifications. See linux/capability.h for details.||
+||net_admin||Allows all networking configurations and modifications. See linux/capability.h for details.
 |-
-||net_raw||Allows opening of raw sockets and packet sockets.||
+||net_raw||Allows opening of raw sockets and packet sockets.
 |-
-||ipc_lock||Grants the capability to lock non-shared and shared memory segments.||
+||ipc_lock||Allow locking shared memory segments and mlock/mlockall.
 |-
-||ipc_owner||Grant the ability to ignore IPC ownership checks.||
+||ipc_owner||Override IPC ownership checks.
 |-
-||sys_module||Allow unrestricted kernel modification including but not limited to loading and removing kernel modules. Allows modification of kernels bounding capability mask. See sysctl.||
+||sys_module||Allow unrestricted kernel modification including but not limited to loading and removing kernel modules. Allows modification of kernels bounding capability mask. See sysctl.
 |-
-||sys_rawio||Grant permission to use ioperm(2) and iopl(2) as well as the ability to send messages to USB devices via /proc/bus/usb.||
+||sys_rawio||Grant permission to use ioperm(2) and iopl(2) as well as the ability to send messages to USB devices via /proc/bus/usb.
 |-
-||sys_chroot||Grant use of the chroot(2) call.||
+||sys_chroot||Grant use of the chroot(2) call.
 |-
-||sys_ptrace||Allow a ptrace of any process.||
+||sys_ptrace||Allow a ptrace of any process.
 |-
-||sys_pacct||Allow modification of accounting for any process.||
+||sys_pacct||Allow modification of accounting for any process.
 |-
-||sys_admin||Too many to list here (see /usr/include/linux/capability.h)||
+||sys_admin||Too many to list here (see /usr/include/linux/capability.h)
 |-
-||sys_boot||Grant ability to reboot the system.||
+||sys_boot||Grant ability to reboot the system.
 |-
-||sys_nice||Grants privilage to change priority of any process. Grants change of scheduling algorithm used by any process.||
+||sys_nice||Grants privilege to change priority of any process. Grants change of scheduling algorithm used by any process.
 |-
-||sys_resource||Too many to list here (see /usr/include/linux/capability.h for details.)||
+||sys_resource||Too many to list here (see /usr/include/linux/capability.h for details.)
 |-
-||sys_time||Grant permission to set system time and to set the real-time lock.||
+||sys_time||Grant permission to set system time and to set the real-time lock.
 |-
-||sys_tty_config||Grant permission to configure tty devices. Allow vhangup(2) call on a tty.||
+||sys_tty_config||Grant permission to configure tty devices. Allow vhangup(2) call on a tty.
 |-
-||mknod||Grants permission to creation of character and block device nodes.||
+||mknod||Grants permission to creation of character and block device nodes.
 |-
-||lease||Grants ability to take leases on a file. For details on what leases are see fcntl(2).||
+||lease||Grants ability to take leases on a file. For details on what leases are see fcntl(2).
 |-
-||audit_write||Send audit messsages from user space.||2.6.12+||
+||audit_write||Generate audit messages from user space.||2.6.12+
 |-
-||audit_control||Change auditing rules. Set login UID.||2.6.12+||
+||audit_control||Control kernel audit configuration/rules. Set login UID.||2.6.12+
 |-
-||setfcap||Set file capabilities.||2.6.25+||
+||setfcap||Set file capabilities.||2.6.25+
 |}
 ! Kernel Version/Capability
 |-
-||mac_override||''Unused by SELinux''||2.6.25+||
+||mac_override||Override MAC restrictions - Ignored by SELinux||2.6.25+
+|-
+||mac_admin||Change MAC configuration - For SELinux, get/set raw security context values unknown to the current policy.||2.6.25+
+|-
+|| syslog||Configure kernel syslog subsystem||
+|-
+|| wake_alarm||Trigger something that will wake the system||
 |-
-||mac_admin||''Unused by SELinux''||2.6.25+||
+|| block_suspend|| Prevent system suspends||
 |}
 === chr_file ===
-Inherits from: [#commonfile common file]
+Inherits from: [[#common file|common file]]
 {| border="1"
 ! Permission
 ! Kernel Version/Capability
 |-
-||getattr||see common file:getattr||
+||getattr||see common file:getattr
 |-
-||relabelto||see common file:relabelto||
+||relabelto||see common file:relabelto
 |-
-||unlink||see common file:unlink||
+||unlink||see common file:unlink
 |-
-||ioctl||see common file:ioctl||
+||ioctl||see common file:ioctl
 |-
-||execute||see common file:execute||
+||execute||see common file:execute
 |-
-||append||see common file:append||
+||append||see common file:append
 |-
-||read||see common file:read||
+||read||see common file:read
 |-
-||setattr||see common file:setattr||
+||setattr||see common file:setattr
 |-
-||swapon||see common file:swapon||
+||swapon||see common file:swapon
 |-
-||write||see common file:write||
+||write||see common file:write
 |-
-||lock||see common file:lock||
+||lock||see common file:lock
 |-
-||create||see common file:create||
+||create||see common file:create
 |-
-||rename||see common file:rename||
+||rename||see common file:rename
 |-
-||mounton||see common file:mounton||
+||mounton||see common file:mounton
 |-
-||quotaon||see common file:quotaon||
+||quotaon||see common file:quotaon
 |-
-||relabelfrom||see common file:relabelfrom||
+||relabelfrom||see common file:relabelfrom
 |-
-||link||see common file:link||
+||link||see common file:link
 |-
-||execute_no_trans||Execute a file in the callers domain.||2.6.11+||
+||execute_no_trans||Execute a file in the callers domain.||2.6.11+
 |-
-||entrypoint||Can be executed as the entry point of the new domain in a transition.||2.6.11+||
+||entrypoint||Can be executed as the entry point of the new domain in a transition.||2.6.11+
 |-
-||execmod||Make executable a file mapping that has been modified by copy-on-write.||2.6.11+||
+||execmod||Make executable a file mapping that has been modified by copy-on-write. (Text relocation)||2.6.11+
 |-
-||open||Open a character device file.||2.6.26+ / open_perms||
+||open||Open a character device file.||2.6.26+ / open_perms
 |}
 === dccp_socket ===
-Inherits from: [#commonsocket common socket]
+Inherits from: [[#common socket|common socket]]
 {| border="1"
 ! Permission
 ! Kernel Version/Capability
 |-
-||append||see common socket:append||2.6.20+||
+||append||see common socket:append||2.6.20+
 |-
-||relabelfrom||see common socket:relabelfrom||2.6.20+||
+||relabelfrom||see common socket:relabelfrom||2.6.20+
 |-
-||create||see common socket:create||2.6.20+||
+||create||see common socket:create||2.6.20+
 |-
-||read||see common socket:read||2.6.20+||
+||read||see common socket:read||2.6.20+
 |-
-||sendto||see common socket:sendto||2.6.20+||
+||sendto||see common socket:sendto||2.6.20+
 |-
-||connect||see common socket:connect||2.6.20+||
+||connect||see common socket:connect||2.6.20+
 |-
-||recvfrom||see common socket:recvfrom||2.6.20+||
+||recvfrom||see common socket:recvfrom||2.6.20+
 |-
-||send_msg||see	common socket:send_msg||2.6.20+||
+||send_msg||see	common socket:send_msg||2.6.20+
 |-
-||bind||see common socket:bind||2.6.20+||
+||bind||see common socket:bind||2.6.20+
 |-
-||lock||see common socket:lock||2.6.20+||
+||lock||see common socket:lock||2.6.20+
 |-
-||ioctl||see common socket:ioctl||2.6.20+||
+||ioctl||see common socket:ioctl||2.6.20+
 |-
-||getattr||see common socket:getattr||2.6.20+||
+||getattr||see common socket:getattr||2.6.20+
 |-
-||write||see common socket:write||2.6.20+||
+||write||see common socket:write||2.6.20+
 |-
-||setopt||see common socket:setopt||2.6.20+||
+||setopt||see common socket:setopt||2.6.20+
 |-
-||getopt||see common socket:getopt||2.6.20+||
+||getopt||see common socket:getopt||2.6.20+
 |-
-||listen||see common socket:listen||2.6.20+||
+||listen||see common socket:listen||2.6.20+
 |-
-||setattr||see common socket:setattr||2.6.20+||
+||setattr||see common socket:setattr||2.6.20+
 |-
-||shutdown||see common socket:shutdown||2.6.20+||
+||shutdown||see common socket:shutdown||2.6.20+
 |-
-||relabelto||see common socket:relabelto||2.6.20+||
+||relabelto||see common socket:relabelto||2.6.20+
 |-
-||recv_msg||see common socket:recv_msg||2.6.20+||
+||recv_msg||see common socket:recv_msg||2.6.20+
 |-
-||accept||see common socket:accept||2.6.20+||
+||accept||see common socket:accept||2.6.20+
 |-
-||name_bind||see common socket:name_bind||2.6.20+||
+||name_bind||see common socket:name_bind||2.6.20+
 |-
-||connectto||Connect to server socket.||2.6.20+||
+||connectto||Connect to server socket.||2.6.20+
 |-
-||newconn||Create new socket for connection.||2.6.20+||
+||newconn||Create new socket for connection.||2.6.20+
 |-
-||acceptfrom||Accept connection from client socket.||2.6.20+||
+||acceptfrom||Accept connection from client socket.||2.6.20+
 |-
-||node_bind||Ability to bind to a node.||2.6.20+||
+||node_bind||Ability to bind to a node.||2.6.20+
 |-
-||name_connect||Connect to a specific port number.||2.6.20+||
+||name_connect||Connect to a specific port number.||2.6.20+
 |}
 === dir ===
-Inherits from: [#commonfile common file]
+Inherits from: [[#common file|common file]]
 {| border="1"
 ! Permission
 ! Kernel Version/Capability
 |-
-||getattr||see common file:getattr||
+||getattr||see common file:getattr
 |-
-||relabelto||see common file:relabelto||
+||relabelto||see common file:relabelto
 |-
-||unlink||see common file:unlink||
+||unlink||N/A
 |-
-||ioctl||see common file:ioctl||
+||ioctl||see common file:ioctl
 |-
-||execute||see common file:execute||
+||execute||N/A
 |-
-||append||see common file:append||
+||append||N/A
 |-
-||read||see common file:read||
+||read||see common file:read
 |-
-||setattr||see common file:setattr||
+||setattr||see common file:setattr
 |-
-||swapon||see common file:swapon||
+||swapon||N/A
 |-
-||write||see common file:write||
+||write||General write access; required for adding or removing
 |-
-||lock||see common file:lock||
+||lock||see common file:lock
 |-
-||create||see common file:create||
+||create||see common file:create
 |-
-||rename||see common file:rename||
+||rename||see common file:rename
 |-
-||mounton||see common file:mounton||
+||mounton||see common file:mounton
 |-
-||quotaon||see common file:quotaon||
+||quotaon||N/A
 |-
-||relabelfrom||see common file:relabelfrom||
+||relabelfrom||see common file:relabelfrom
 |-
-||link||see common file:link||
+||link||N/A
 |-
-||search||Search.||
+||search||Search access
 |-
-||rmdir||Remove.||
+||rmdir||Remove the directory
 |-
-||remove_name||Remove a file from the directory.||
+||remove_name||Remove a file from the directory.
 |-
-||reparent||Change parent directory.||
+||reparent||Rename into a different parent directory (.. change).
 |-
-||add_name||Add a file to the directory.||
+||add_name||Add a file to the directory.
 |-
-||open||Open a directory.||2.6.26+ / open_perms||
+||open||Open a directory.||2.6.26+ / open_perms
 |}
 ! Kernel Version/Capability
 |-
-||use||Permission to use an inherited file descriptor||
+||use||Permission to use an inherited file descriptor
 |}
 === fifo_file ===
-Inherits from: [#commonfile common file]
+Inherits from: [[#common file|common file]]
 {| border="1"
 ! Permission
 ! Kernel Version/Capability
 |-
-||getattr||see common file:getattr||
+||getattr||see common file:getattr
 |-
-||relabelto||see common file:relabelto||
+||relabelto||see common file:relabelto
 |-
-||unlink||see common file:unlink||
+||unlink||see common file:unlink
 |-
-||ioctl||see common file:ioctl||
+||ioctl||see common file:ioctl
 |-
-||execute||see common file:execute||
+||execute||see common file:execute
 |-
-||append||see common file:append||
+||append||see common file:append
 |-
-||read||see common file:read||
+||read||see common file:read
 |-
-||setattr||see common file:setattr||
+||setattr||see common file:setattr
 |-
-||swapon||see common file:swapon||
+||swapon||see common file:swapon
 |-
-||write||see common file:write||
+||write||see common file:write
 |-
-||lock||see common file:lock||
+||lock||see common file:lock
 |-
-||create||see common file:create||
+||create||see common file:create
 |-
-||rename||see common file:rename||
+||rename||see common file:rename
 |-
-||mounton||see common file:mounton||
+||mounton||see common file:mounton
 |-
-||quotaon||see common file:quotaon||
+||quotaon||see common file:quotaon
 |-
-||relabelfrom||see common file:relabelfrom||
+||relabelfrom||see common file:relabelfrom
 |-
-||link||see common file:link||
+||link||see common file:link
 |-
-||open||Open a FIFO.||2.6.26+ / open_perms||
+||open||Open a FIFO.||2.6.26+ / open_perms
 |}
 === file ===
-Inherits from: [#commonfile common file]
+Inherits from: [[#common file|common file]]
 {| border="1"
 ! Permission
 ! Kernel Version/Capability
 |-
-||getattr||see common file:getattr||
+||getattr||see common file:getattr
 |-
-||relabelto||see common file:relabelto||
+||relabelto||see common file:relabelto
 |-
-||unlink||see common file:unlink||
+||unlink||see common file:unlink
 |-
-||ioctl||see common file:ioctl||
+||ioctl||see common file:ioctl
 |-
-||execute||see common file:execute||
+||execute||see common file:execute
 |-
-||append||see common file:append||
+||append||see common file:append
 |-
-||read||see common file:read||
+||read||see common file:read
 |-
-||setattr||see common file:setattr||
+||setattr||see common file:setattr
 |-
-||swapon||see common file:swapon||
+||swapon||see common file:swapon
 |-
-||write||see common file:write||
+||write||see common file:write
 |-
-||lock||see common file:lock||
+||lock||see common file:lock
 |-
-||create||see common file:create||
+||create||see common file:create
 |-
-||rename||see common file:rename||
+||rename||see common file:rename
 |-
-||mounton||see common file:mounton||
+||mounton||see common file:mounton
 |-
-||quotaon||see common file:quotaon||
+||quotaon||see common file:quotaon
 |-
-||relabelfrom||see common file:relabelfrom||
+||relabelfrom||see common file:relabelfrom
 |-
-||link||see common file:link||
+||link||see common file:link
 |-
-||execute_no_trans||Execute a file in the callers domain.||
+||execute_no_trans||Execute a file in the callers domain.
 |-
-||entrypoint||Can be executed as the entry point of the new domain in a transition.||
+||entrypoint||Can be executed as the entry point of the new domain in a transition.
 |-
-||execmod||Make executable a file mapping that has been modified by copy-on-write.||2.6.11+||
+||execmod||Make executable a file mapping that has been modified by copy-on-write. (Text relocation)||2.6.11+
 |-
-||open||Open a file.||2.6.26+ / open_perms||
+||open||Open a file.||2.6.26+ / open_perms
 |}
 ! Kernel Version/Capability
 |-
-||mount||Mount the filesystem.||
+||mount||Mount the filesystem.
 |-
-||remount||Change filesystem mount flags.||
+||remount||Change filesystem mount flags.
 |-
-||unmount||Unmount the filesystem.||
+||unmount||Unmount the filesystem.
 |-
-||getattr||Get file attributes, such as access mode. (e.g. stat, some ioctls. ...)||
+||getattr||Get file attributes, such as access mode. (e.g. stat, some ioctls. ...)
 |-
-||relabelfrom||Change the security context based on existing type.||
+||relabelfrom||Change the security context based on existing type.
 |-
-||relabelto||Change the security context based on the new type.||
+||relabelto||Change the security context based on the new type.
 |-
-||transition||Transition to a new SID (change security context).||
+||transition||Transition to a new SID (change security context).
 |-
-||associate||Associate a file to the filesystem.||
+||associate||Associate a file to the filesystem.
 |-
-||quotamod||Modify quota information.||
+||quotamod||Modify quota information.
 |-
-||quotaget||Get quota information||
+||quotaget||Get quota information
 |}
 === ipc ===
-Inherits from: [#commonipc common ipc]
+Inherits from: [[#common ipc|common ipc]]
 {| border="1"
 ! Permission
 ! Kernel Version/Capability
 |-
-||write||see common ipc:write||
+||write||see common ipc:write
 |-
-||destroy||see common ipc:destroy||
+||destroy||see common ipc:destroy
 |-
-||unix_write||see common ipc:unix_write||
+||unix_write||see common ipc:unix_write
 |-
-||getattr||see common ipc:getattr||
+||getattr||see common ipc:getattr
 |-
-||create||see common ipc:create||
+||create||see common ipc:create
 |-
-||read||see common ipc:read||
+||read||see common ipc:read
 |-
-||setattr||see common ipc:setattr||
+||setattr||see common ipc:setattr
 |-
-||unix_read||see common ipc:unix_read||
+||unix_read||see common ipc:unix_read
 |-
-||associate||see common ipc:associate||
+||associate||see common ipc:associate
 |}
 ! Kernel Version/Capability
 |-
-||use_as_override||Grant a process the right to nominate an alternate process security ID for the kernel to use as an override for the SELinux subjective security when accessing stuff on behalf of another process.||2.6.29+||
+||use_as_override||Grant a process the right to nominate an alternate process security ID for the kernel to use as an override for the SELinux subjective security when accessing stuff on behalf of another process.||2.6.29+
 |-
-||create_files_as||Grant a process the right to nominate a file creation label for a kernel service to use.||2.6.29+||
+||create_files_as||Grant a process the right to nominate a file creation label for a kernel service to use.||2.6.29+
 |}
 ! Kernel Version/Capability
 |-
-||view||||2.6.18+||
+||view||||2.6.18+
 |-
-||read||||2.6.18+||
+||read||||2.6.18+
 |-
-||write||||2.6.18+||
+||write||||2.6.18+
 |-
-||search||||2.6.18+||
+||search||||2.6.18+
 |-
-||link||||2.6.18+||
+||link||||2.6.18+
 |-
-||setattr||||2.6.18+||
+||setattr||||2.6.18+
 |-
-||create||||2.6.18+||
+||create||||2.6.18+
 |}
 === key_socket ===
-Inherits from: [#commonsocket common socket]
+Inherits from: [[#common socket|common socket]]
 {| border="1"
 ! Permission
 ! Kernel Version/Capability
 |-
-||append||see common socket:append||
+||append||see common socket:append
 |-
-||relabelfrom||see common socket:relabelfrom||
+||relabelfrom||see common socket:relabelfrom
 |-
-||create||see common socket:create||
+||create||see common socket:create
 |-
-||read||see common socket:read||
+||read||see common socket:read
 |-
-||sendto||see common socket:sendto||
+||sendto||see common socket:sendto
 |-
-||connect||see common socket:connect||
+||connect||see common socket:connect
 |-
-||recvfrom||see common socket:recvfrom||
+||recvfrom||see common socket:recvfrom
 |-
-||send_msg||see	common socket:send_msg||
+||send_msg||see	common socket:send_msg
 |-
-||bind||see common socket:bind||
+||bind||see common socket:bind
 |-
-||lock||see common socket:lock||
+||lock||see common socket:lock
 |-
-||ioctl||see common socket:ioctl||
+||ioctl||see common socket:ioctl
 |-
-||getattr||see common socket:getattr||
+||getattr||see common socket:getattr
 |-
-||write||see common socket:write||
+||write||see common socket:write
 |-
-||setopt||see common socket:setopt||
+||setopt||see common socket:setopt
 |-
-||getopt||see common socket:getopt||
+||getopt||see common socket:getopt
 |-
-||listen||see common socket:listen||
+||listen||see common socket:listen
 |-
-||setattr||see common socket:setattr||
+||setattr||see common socket:setattr
 |-
-||shutdown||see common socket:shutdown||
+||shutdown||see common socket:shutdown
 |-
-||relabelto||see common socket:relabelto||
+||relabelto||see common socket:relabelto
 |-
-||recv_msg||see common socket:recv_msg||
+||recv_msg||see common socket:recv_msg
 |-
-||accept||see common socket:accept||
+||accept||see common socket:accept
 |-
-||name_bind||see common socket:name_bind||
+||name_bind||see common socket:name_bind
 |}
 === lnk_file ===
-Inherits from: [#commonfile common file]
+Inherits from: [[#common file|common file]]
 {| border="1"
 ! Permission
 ! Kernel Version/Capability
 |-
-||getattr||see common file:getattr||
+||getattr||see common file:getattr
 |-
-||relabelto||see common file:relabelto||
+||relabelto||see common file:relabelto
 |-
-||unlink||see common file:unlink||
+||unlink||see common file:unlink
 |-
-||ioctl||see common file:ioctl||
+||ioctl||see common file:ioctl
 |-
-||execute||see common file:execute||
+||execute||see common file:execute
 |-
-||append||see common file:append||
+||append||see common file:append
 |-
-||read||see common file:read||
+||read||see common file:read
 |-
-||setattr||see common file:setattr||
+||setattr||see common file:setattr
 |-
-||swapon||see common file:swapon||
+||swapon||see common file:swapon
 |-
-||write||see common file:write||
+||write||see common file:write
 |-
-||lock||see common file:lock||
+||lock||see common file:lock
 |-
-||create||see common file:create||
+||create||see common file:create
 |-
-||rename||see common file:rename||
+||rename||see common file:rename
 |-
-||mounton||see common file:mounton||
+||mounton||see common file:mounton
 |-
-||quotaon||see common file:quotaon||
+||quotaon||see common file:quotaon
 |-
-||relabelfrom||see common file:relabelfrom||
+||relabelfrom||see common file:relabelfrom
 |-
-||link||see common file:link||
+||link||see common file:link
 |}
 ! Kernel Version/Capability
 |-
-||mmap_zero||Mmap the first page of memory.||2.6.23+||
+||mmap_zero||Mmap the first page of memory.||2.6.23+
 |}
 ! Kernel Version/Capability
 |-
-||receive||Remove a message from a queue.||
+||receive||Remove a message from a queue.
 |-
-||send||Add a message to a queue.||
+||send||Add a message to a queue.
 |}
 === msgq ===
-Inherits from: [#commonipc common ipc]
+Inherits from: [[#common ipc|common ipc]]
 {| border="1"
 ! Permission
 ! Kernel Version/Capability
 |-
-||write||see common ipc:write||
+||write||see common ipc:write
 |-
-||destroy||see common ipc:destroy||
+||destroy||see common ipc:destroy
 |-
-||unix_write||see common ipc:unix_write||
+||unix_write||see common ipc:unix_write
 |-
-||getattr||see common ipc:getattr||
+||getattr||see common ipc:getattr
 |-
-||create||see common ipc:create||
+||create||see common ipc:create
 |-
-||read||see common ipc:read||
+||read||see common ipc:read
 |-
-||setattr||see common ipc:setattr||
+||setattr||see common ipc:setattr
 |-
-||unix_read||see common ipc:unix_read||
+||unix_read||see common ipc:unix_read
 |-
-||associate||see common ipc:associate||
+||associate||see common ipc:associate
 |-
-||enqueue||Message can be added to a queue.||
+||enqueue||Message can be added to a queue.
 |}
 ! Kernel Version/Capability
 |-
-||tcp_recv||Receive TCP packet.||
+||tcp_recv||Receive TCP packet.
 |-
-||tcp_send||Send TCP packet.||
+||tcp_send||Send TCP packet.
 |-
-||udp_recv||Receive UDP packet.||
+||udp_recv||Receive UDP packet.
 |-
-||udp_send||Send UDP packet.||
+||udp_send||Send UDP packet.
 |-
-||rawip_recv||Receive raw IP packet.||
+||rawip_recv||Receive raw IP packet.
 |-
-||rawip_send||Send raw IP packet.||
+||rawip_send||Send raw IP packet.
 |-
-||dccp_recv||Receive DCCP packet.||2.6.20+||
+||dccp_recv||Receive DCCP packet.||2.6.20+
 |-
-||dccp_send||Send DCCP packet.||2.6.20+||
+||dccp_send||Send DCCP packet.||2.6.20+
 |-
-||ingress||||2.6.25+ / network_peer_controls||
+||ingress||||2.6.25+ / network_peer_controls
 |-
-||egress||||2.6.25+ / network_peer_controls||
+||egress||||2.6.25+ / network_peer_controls
 |}
 === netlink_socket ===
-Inherits from: [#commonsocket common socket]
+Inherits from: [[#common socket|common socket]]
 {| border="1"
 ! Permission
 ! Kernel Version/Capability
 |-
-||append||see common socket:append||
+||append||see common socket:append
 |-
-||relabelfrom||see common socket:relabelfrom||
+||relabelfrom||see common socket:relabelfrom
 |-
-||create||see common socket:create||
+||create||see common socket:create
 |-
-||read||see common socket:read||
+||read||see common socket:read
 |-
-||sendto||see common socket:sendto||
+||sendto||see common socket:sendto
 |-
-||connect||see common socket:connect||
+||connect||see common socket:connect
 |-
-||recvfrom||see common socket:recvfrom||
+||recvfrom||see common socket:recvfrom
 |-
-||send_msg||see	common socket:send_msg||
+||send_msg||see	common socket:send_msg
 |-
-||bind||see common socket:bind||
+||bind||see common socket:bind
 |-
-||lock||see common socket:lock||
+||lock||see common socket:lock
 |-
-||ioctl||see common socket:ioctl||
+||ioctl||see common socket:ioctl
 |-
-||getattr||see common socket:getattr||
+||getattr||see common socket:getattr
 |-
-||write||see common socket:write||
+||write||see common socket:write
 |-
-||setopt||see common socket:setopt||
+||setopt||see common socket:setopt
 |-
-||getopt||see common socket:getopt||
+||getopt||see common socket:getopt
 |-
-||listen||see common socket:listen||
+||listen||see common socket:listen
 |-
-||setattr||see common socket:setattr||
+||setattr||see common socket:setattr
 |-
-||shutdown||see common socket:shutdown||
+||shutdown||see common socket:shutdown
 |-
-||relabelto||see common socket:relabelto||
+||relabelto||see common socket:relabelto
 |-
-||recv_msg||see common socket:recv_msg||
+||recv_msg||see common socket:recv_msg
 |-
-||accept||see common socket:accept||
+||accept||see common socket:accept
 |-
-||name_bind||see common socket:name_bind||
+||name_bind||see common socket:name_bind
 |}
 === netlink_audit_socket ===
-Inherits from: [#commonsocket common socket]
+Inherits from: [[#common socket|common socket]]
 {| border="1"
 ! Permission
 ! Kernel Version/Capability
 |-
-||append||see common socket:append||2.6.8+||
+||append||see common socket:append||2.6.8+
 |-
-||relabelfrom||see common socket:relabelfrom||2.6.8+||
+||relabelfrom||see common socket:relabelfrom||2.6.8+
 |-
-||create||see common socket:create||2.6.8+||
+||create||see common socket:create||2.6.8+
 |-
-||read||see common socket:read||2.6.8+||
+||read||see common socket:read||2.6.8+
 |-
-||sendto||see common socket:sendto||2.6.8+||
+||sendto||see common socket:sendto||2.6.8+
 |-
-||connect||see common socket:connect||2.6.8+||
+||connect||see common socket:connect||2.6.8+
 |-
-||recvfrom||see common socket:recvfrom||2.6.8+||
+||recvfrom||see common socket:recvfrom||2.6.8+
 |-
-||send_msg||see	common socket:send_msg||2.6.8+||
+||send_msg||see	common socket:send_msg||2.6.8+
 |-
-||bind||see common socket:bind||2.6.8+||
+||bind||see common socket:bind||2.6.8+
 |-
-||lock||see common socket:lock||2.6.8+||
+||lock||see common socket:lock||2.6.8+
 |-
-||ioctl||see common socket:ioctl||2.6.8+||
+||ioctl||see common socket:ioctl||2.6.8+
 |-
-||getattr||see common socket:getattr||2.6.8+||
+||getattr||see common socket:getattr||2.6.8+
 |-
-||write||see common socket:write||2.6.8+||
+||write||see common socket:write||2.6.8+
 |-
-||setopt||see common socket:setopt||2.6.8+||
+||setopt||see common socket:setopt||2.6.8+
 |-
-||getopt||see common socket:getopt||2.6.8+||
+||getopt||see common socket:getopt||2.6.8+
 |-
-||listen||see common socket:listen||2.6.8+||
+||listen||see common socket:listen||2.6.8+
 |-
-||setattr||see common socket:setattr||2.6.8+||
+||setattr||see common socket:setattr||2.6.8+
 |-
-||shutdown||see common socket:shutdown||2.6.8+||
+||shutdown||see common socket:shutdown||2.6.8+
 |-
-||relabelto||see common socket:relabelto||2.6.8+||
+||relabelto||see common socket:relabelto||2.6.8+
 |-
-||recv_msg||see common socket:recv_msg||2.6.8+||
+||recv_msg||see common socket:recv_msg||2.6.8+
 |-
-||accept||see common socket:accept||2.6.8+||
+||accept||see common socket:accept||2.6.8+
 |-
-||name_bind||see common socket:name_bind||2.6.8+||
+||name_bind||see common socket:name_bind||2.6.8+
 |-
-||nlmsg_read||Read netlink message.||2.6.8+||
+||nlmsg_read||Read audit subsystem state (e.g. AUDIT_GET).||2.6.8+
 |-
-||nlmsg_write||Write netlink message.||2.6.8+||
+||nlmsg_write||Write audit subsystem state (e.g. AUDIT_SET).||2.6.8+
 |-
-||nlmsg_relay||Send user space audit messages to the kernel audit system.||2.6.12+||
+||nlmsg_relay||Send user space audit messages to the kernel audit system.||2.6.12+
 |-
-||nlmsg_readpriv||List all auditing rules.||2.6.12+||
+||nlmsg_readpriv||Read security-sensitive audit subsystem state.||2.6.12+
 |-
-||nlmsg_tty_audit||Control TTY auditing||2.6.30+||
+||nlmsg_tty_audit||Control TTY auditing||2.6.30+
 |}
 === netlink_dnrt_socket ===
-Inherits from: [#commonsocket common socket]
+Inherits from: [[#common socket|common socket]]
 {| border="1"
 ! Permission
 ! Kernel Version/Capability
 |-
-||append||see common socket:append||2.6.8+||
+||append||see common socket:append||2.6.8+
 |-
-||relabelfrom||see common socket:relabelfrom||2.6.8+||
+||relabelfrom||see common socket:relabelfrom||2.6.8+
 |-
-||create||see common socket:create||2.6.8+||
+||create||see common socket:create||2.6.8+
 |-
-||read||see common socket:read||2.6.8+||
+||read||see common socket:read||2.6.8+
 |-
-||sendto||see common socket:sendto||2.6.8+||
+||sendto||see common socket:sendto||2.6.8+
 |-
-||connect||see common socket:connect||2.6.8+||
+||connect||see common socket:connect||2.6.8+
 |-
-||recvfrom||see common socket:recvfrom||2.6.8+||
+||recvfrom||see common socket:recvfrom||2.6.8+
 |-
-||send_msg||see	common socket:send_msg||2.6.8+||
+||send_msg||see	common socket:send_msg||2.6.8+
 |-
-||bind||see common socket:bind||2.6.8+||
+||bind||see common socket:bind||2.6.8+
 |-
-||lock||see common socket:lock||2.6.8+||
+||lock||see common socket:lock||2.6.8+
 |-
-||ioctl||see common socket:ioctl||2.6.8+||
+||ioctl||see common socket:ioctl||2.6.8+
 |-
-||getattr||see common socket:getattr||2.6.8+||
+||getattr||see common socket:getattr||2.6.8+
 |-
-||write||see common socket:write||2.6.8+||
+||write||see common socket:write||2.6.8+
 |-
-||setopt||see common socket:setopt||2.6.8+||
+||setopt||see common socket:setopt||2.6.8+
 |-
-||getopt||see common socket:getopt||2.6.8+||
+||getopt||see common socket:getopt||2.6.8+
 |-
-||listen||see common socket:listen||2.6.8+||
+||listen||see common socket:listen||2.6.8+
 |-
-||setattr||see common socket:setattr||2.6.8+||
+||setattr||see common socket:setattr||2.6.8+
 |-
-||shutdown||see common socket:shutdown||2.6.8+||
+||shutdown||see common socket:shutdown||2.6.8+
 |-
-||relabelto||see common socket:relabelto||2.6.8+||
+||relabelto||see common socket:relabelto||2.6.8+
 |-
-||recv_msg||see common socket:recv_msg||2.6.8+||
+||recv_msg||see common socket:recv_msg||2.6.8+
 |-
-||accept||see common socket:accept||2.6.8+||
+||accept||see common socket:accept||2.6.8+
 |-
-||name_bind||see common socket:name_bind||2.6.8+||
+||name_bind||see common socket:name_bind||2.6.8+
 |}
 === netlink_firewall_socket ===
-Inherits from: [#commonsocket common socket]
+Inherits from: [[#common socket|common socket]]
 {| border="1"
 ! Permission
 ! Kernel Version/Capability
 |-
-||append||see common socket:append||2.6.8+||
+||append||see common socket:append||2.6.8+
 |-
-||relabelfrom||see common socket:relabelfrom||2.6.8+||
+||relabelfrom||see common socket:relabelfrom||2.6.8+
 |-
-||create||see common socket:create||2.6.8+||
+||create||see common socket:create||2.6.8+
 |-
-||read||see common socket:read||2.6.8+||
+||read||see common socket:read||2.6.8+
 |-
-||sendto||see common socket:sendto||2.6.8+||
+||sendto||see common socket:sendto||2.6.8+
 |-
-||connect||see common socket:connect||2.6.8+||
+||connect||see common socket:connect||2.6.8+
 |-
-||recvfrom||see common socket:recvfrom||2.6.8+||
+||recvfrom||see common socket:recvfrom||2.6.8+
 |-
-||send_msg||see	common socket:send_msg||2.6.8+||
+||send_msg||see	common socket:send_msg||2.6.8+
 |-
-||bind||see common socket:bind||2.6.8+||
+||bind||see common socket:bind||2.6.8+
 |-
-||lock||see common socket:lock||2.6.8+||
+||lock||see common socket:lock||2.6.8+
 |-
-||ioctl||see common socket:ioctl||2.6.8+||
+||ioctl||see common socket:ioctl||2.6.8+
 |-
-||getattr||see common socket:getattr||2.6.8+||
+||getattr||see common socket:getattr||2.6.8+
 |-
-||write||see common socket:write||2.6.8+||
+||write||see common socket:write||2.6.8+
 |-
-||setopt||see common socket:setopt||2.6.8+||
+||setopt||see common socket:setopt||2.6.8+
 |-
-||getopt||see common socket:getopt||2.6.8+||
+||getopt||see common socket:getopt||2.6.8+
 |-
-||listen||see common socket:listen||2.6.8+||
+||listen||see common socket:listen||2.6.8+
 |-
-||setattr||see common socket:setattr||2.6.8+||
+||setattr||see common socket:setattr||2.6.8+
 |-
-||shutdown||see common socket:shutdown||2.6.8+||
+||shutdown||see common socket:shutdown||2.6.8+
 |-
-||relabelto||see common socket:relabelto||2.6.8+||
+||relabelto||see common socket:relabelto||2.6.8+
 |-
-||recv_msg||see common socket:recv_msg||2.6.8+||
+||recv_msg||see common socket:recv_msg||2.6.8+
 |-
-||accept||see common socket:accept||2.6.8+||
+||accept||see common socket:accept||2.6.8+
 |-
-||name_bind||see common socket:name_bind||2.6.8+||
+||name_bind||see common socket:name_bind||2.6.8+
 |-
-||nlmsg_read||Read netlink message.||2.6.8+||
+||nlmsg_read||Read firewall configuration state.||2.6.8+
 |-
-||nlmsg_write||Write netlink message.||2.6.8+||
+||nlmsg_write||Write firewall configuration state.||2.6.8+
 |}
 === netlink_ip6fw_socket ===
-Inherits from: [#commonsocket common socket]
+Inherits from: [[#common socket|common socket]]
 {| border="1"
 ! Permission
 ! Kernel Version/Capability
 |-
-||append||see common socket:append||2.6.8+||
+||append||see common socket:append||2.6.8+
 |-
-||relabelfrom||see common socket:relabelfrom||2.6.8+||
+||relabelfrom||see common socket:relabelfrom||2.6.8+
 |-
-||create||see common socket:create||2.6.8+||
+||create||see common socket:create||2.6.8+
 |-
-||read||see common socket:read||2.6.8+||
+||read||see common socket:read||2.6.8+
 |-
-||sendto||see common socket:sendto||2.6.8+||
+||sendto||see common socket:sendto||2.6.8+
 |-
-||connect||see common socket:connect||2.6.8+||
+||connect||see common socket:connect||2.6.8+
 |-
-||recvfrom||see common socket:recvfrom||2.6.8+||
+||recvfrom||see common socket:recvfrom||2.6.8+
 |-
-||send_msg||see	common socket:send_msg||2.6.8+||
+||send_msg||see	common socket:send_msg||2.6.8+
 |-
-||bind||see common socket:bind||2.6.8+||
+||bind||see common socket:bind||2.6.8+
 |-
-||lock||see common socket:lock||2.6.8+||
+||lock||see common socket:lock||2.6.8+
 |-
-||ioctl||see common socket:ioctl||2.6.8+||
+||ioctl||see common socket:ioctl||2.6.8+
 |-
-||getattr||see common socket:getattr||2.6.8+||
+||getattr||see common socket:getattr||2.6.8+
 |-
-||write||see common socket:write||2.6.8+||
+||write||see common socket:write||2.6.8+
 |-
-||setopt||see common socket:setopt||2.6.8+||
+||setopt||see common socket:setopt||2.6.8+
 |-
-||getopt||see common socket:getopt||2.6.8+||
+||getopt||see common socket:getopt||2.6.8+
 |-
-||listen||see common socket:listen||2.6.8+||
+||listen||see common socket:listen||2.6.8+
 |-
-||setattr||see common socket:setattr||2.6.8+||
+||setattr||see common socket:setattr||2.6.8+
 |-
-||shutdown||see common socket:shutdown||2.6.8+||
+||shutdown||see common socket:shutdown||2.6.8+
 |-
-||relabelto||see common socket:relabelto||2.6.8+||
+||relabelto||see common socket:relabelto||2.6.8+
 |-
-||recv_msg||see common socket:recv_msg||2.6.8+||
+||recv_msg||see common socket:recv_msg||2.6.8+
 |-
-||accept||see common socket:accept||2.6.8+||
+||accept||see common socket:accept||2.6.8+
 |-
-||name_bind||see common socket:name_bind||2.6.8+||
+||name_bind||see common socket:name_bind||2.6.8+
 |-
-||nlmsg_read||Read netlink message.||2.6.8+||
+||nlmsg_read||Read netlink message.||2.6.8+
 |-
-||nlmsg_write||Write netlink message.||2.6.8+||
+||nlmsg_write||Write netlink message.||2.6.8+
 |}
 === netlink_kobject_uevent_socket ===
-Inherits from: [#commonsocket common socket]
+Inherits from: [[#common socket|common socket]]
 {| border="1"
 ! Permission
 ! Kernel Version/Capability
 |-
-||append||see common socket:append||2.6.12+||
+||append||see common socket:append||2.6.12+
 |-
-||relabelfrom||see common socket:relabelfrom||2.6.12+||
+||relabelfrom||see common socket:relabelfrom||2.6.12+
 |-
-||create||see common socket:create||2.6.12+||
+||create||see common socket:create||2.6.12+
 |-
-||read||see common socket:read||2.6.12+||
+||read||see common socket:read||2.6.12+
 |-
-||sendto||see common socket:sendto||2.6.12+||
+||sendto||see common socket:sendto||2.6.12+
 |-
-||connect||see common socket:connect||2.6.12+||
+||connect||see common socket:connect||2.6.12+
 |-
-||recvfrom||see common socket:recvfrom||2.6.12+||
+||recvfrom||see common socket:recvfrom||2.6.12+
 |-
-||send_msg||see	common socket:send_msg||2.6.12+||
+||send_msg||see	common socket:send_msg||2.6.12+
 |-
-||bind||see common socket:bind||2.6.12+||
+||bind||see common socket:bind||2.6.12+
 |-
-||lock||see common socket:lock||2.6.12+||
+||lock||see common socket:lock||2.6.12+
 |-
-||ioctl||see common socket:ioctl||2.6.12+||
+||ioctl||see common socket:ioctl||2.6.12+
 |-
-||getattr||see common socket:getattr||2.6.12+||
+||getattr||see common socket:getattr||2.6.12+
 |-
-||write||see common socket:write||2.6.12+||
+||write||see common socket:write||2.6.12+
 |-
-||setopt||see common socket:setopt||2.6.12+||
+||setopt||see common socket:setopt||2.6.12+
 |-
-||getopt||see common socket:getopt||2.6.12+||
+||getopt||see common socket:getopt||2.6.12+
 |-
-||listen||see common socket:listen||2.6.12+||
+||listen||see common socket:listen||2.6.12+
 |-
-||setattr||see common socket:setattr||2.6.12+||
+||setattr||see common socket:setattr||2.6.12+
 |-
-||shutdown||see common socket:shutdown||2.6.12+||
+||shutdown||see common socket:shutdown||2.6.12+
 |-
-||relabelto||see common socket:relabelto||2.6.12+||
+||relabelto||see common socket:relabelto||2.6.12+
 |-
-||recv_msg||see common socket:recv_msg||2.6.12+||
+||recv_msg||see common socket:recv_msg||2.6.12+
 |-
-||accept||see common socket:accept||2.6.12+||
+||accept||see common socket:accept||2.6.12+
 |-
-||name_bind||see common socket:name_bind||2.6.12+||
+||name_bind||see common socket:name_bind||2.6.12+
 |}
 === netlink_nflog_socket ===
-Inherits from: [#commonsocket common socket]
+Inherits from: [[#common socket|common socket]]
 {| border="1"
 ! Permission
 ! Kernel Version/Capability
 |-
-||append||see common socket:append||2.6.8+||
+||append||see common socket:append||2.6.8+
 |-
-||relabelfrom||see common socket:relabelfrom||2.6.8+||
+||relabelfrom||see common socket:relabelfrom||2.6.8+
 |-
-||create||see common socket:create||2.6.8+||
+||create||see common socket:create||2.6.8+
 |-
-||read||see common socket:read||2.6.8+||
+||read||see common socket:read||2.6.8+
 |-
-||sendto||see common socket:sendto||2.6.8+||
+||sendto||see common socket:sendto||2.6.8+
 |-
-||connect||see common socket:connect||2.6.8+||
+||connect||see common socket:connect||2.6.8+
 |-
-||recvfrom||see common socket:recvfrom||2.6.8+||
+||recvfrom||see common socket:recvfrom||2.6.8+
 |-
-||send_msg||see	common socket:send_msg||2.6.8+||
+||send_msg||see	common socket:send_msg||2.6.8+
 |-
-||bind||see common socket:bind||2.6.8+||
+||bind||see common socket:bind||2.6.8+
 |-
-||lock||see common socket:lock||2.6.8+||
+||lock||see common socket:lock||2.6.8+
 |-
-||ioctl||see common socket:ioctl||2.6.8+||
+||ioctl||see common socket:ioctl||2.6.8+
 |-
-||getattr||see common socket:getattr||2.6.8+||
+||getattr||see common socket:getattr||2.6.8+
 |-
-||write||see common socket:write||2.6.8+||
+||write||see common socket:write||2.6.8+
 |-
-||setopt||see common socket:setopt||2.6.8+||
+||setopt||see common socket:setopt||2.6.8+
 |-
-||getopt||see common socket:getopt||2.6.8+||
+||getopt||see common socket:getopt||2.6.8+
 |-
-||listen||see common socket:listen||2.6.8+||
+||listen||see common socket:listen||2.6.8+
 |-
-||setattr||see common socket:setattr||2.6.8+||
+||setattr||see common socket:setattr||2.6.8+
 |-
-||shutdown||see common socket:shutdown||2.6.8+||
+||shutdown||see common socket:shutdown||2.6.8+
 |-
-||relabelto||see common socket:relabelto||2.6.8+||
+||relabelto||see common socket:relabelto||2.6.8+
 |-
-||recv_msg||see common socket:recv_msg||2.6.8+||
+||recv_msg||see common socket:recv_msg||2.6.8+
 |-
-||accept||see common socket:accept||2.6.8+||
+||accept||see common socket:accept||2.6.8+
 |-
-||name_bind||see common socket:name_bind||2.6.8+||
+||name_bind||see common socket:name_bind||2.6.8+
 |}
 === netlink_route_socket ===
-Inherits from: [#commonsocket common socket]
+Inherits from: [[#common socket|common socket]]
 {| border="1"
 ! Permission
 ! Kernel Version/Capability
 |-
-||append||see common socket:append||2.6.8+||
+||append||see common socket:append||2.6.8+
 |-
-||relabelfrom||see common socket:relabelfrom||2.6.8+||
+||relabelfrom||see common socket:relabelfrom||2.6.8+
 |-
-||create||see common socket:create||2.6.8+||
+||create||see common socket:create||2.6.8+
 |-
-||read||see common socket:read||2.6.8+||
+||read||see common socket:read||2.6.8+
 |-
-||sendto||see common socket:sendto||2.6.8+||
+||sendto||see common socket:sendto||2.6.8+
 |-
-||connect||see common socket:connect||2.6.8+||
+||connect||see common socket:connect||2.6.8+
 |-
-||recvfrom||see common socket:recvfrom||2.6.8+||
+||recvfrom||see common socket:recvfrom||2.6.8+
 |-
-||send_msg||see	common socket:send_msg||2.6.8+||
+||send_msg||see	common socket:send_msg||2.6.8+
 |-
-||bind||see common socket:bind||2.6.8+||
+||bind||see common socket:bind||2.6.8+
 |-
-||lock||see common socket:lock||2.6.8+||
+||lock||see common socket:lock||2.6.8+
 |-
-||ioctl||see common socket:ioctl||2.6.8+||
+||ioctl||see common socket:ioctl||2.6.8+
 |-
-||getattr||see common socket:getattr||2.6.8+||
+||getattr||see common socket:getattr||2.6.8+
 |-
-||write||see common socket:write||2.6.8+||
+||write||see common socket:write||2.6.8+
 |-
-||setopt||see common socket:setopt||2.6.8+||
+||setopt||see common socket:setopt||2.6.8+
 |-
-||getopt||see common socket:getopt||2.6.8+||
+||getopt||see common socket:getopt||2.6.8+
 |-
-||listen||see common socket:listen||2.6.8+||
+||listen||see common socket:listen||2.6.8+
 |-
-||setattr||see common socket:setattr||2.6.8+||
+||setattr||see common socket:setattr||2.6.8+
 |-
-||shutdown||see common socket:shutdown||2.6.8+||
+||shutdown||see common socket:shutdown||2.6.8+
 |-
-||relabelto||see common socket:relabelto||2.6.8+||
+||relabelto||see common socket:relabelto||2.6.8+
 |-
-||recv_msg||see common socket:recv_msg||2.6.8+||
+||recv_msg||see common socket:recv_msg||2.6.8+
 |-
-||accept||see common socket:accept||2.6.8+||
+||accept||see common socket:accept||2.6.8+
 |-
-||name_bind||see common socket:name_bind||2.6.8+||
+||name_bind||see common socket:name_bind||2.6.8+
 |-
-||nlmsg_read||Read netlink message.||2.6.8+||
+||nlmsg_read||Read route configuration state.||2.6.8+
 |-
-||nlmsg_write||Write netlink message.||2.6.8+||
+||nlmsg_write||Write route configuration state.||2.6.8+
 |}
 === netlink_selinux_socket ===
-Inherits from: [#commonsocket common socket]
+Inherits from: [[#common socket|common socket]]
 {| border="1"
 ! Permission
 ! Kernel Version/Capability
 |-
-||append||see common socket:append||2.6.8+||
+||append||see common socket:append||2.6.8+
 |-
-||relabelfrom||see common socket:relabelfrom||2.6.8+||
+||relabelfrom||see common socket:relabelfrom||2.6.8+
 |-
-||create||see common socket:create||2.6.8+||
+||create||see common socket:create||2.6.8+
 |-
-||read||see common socket:read||2.6.8+||
+||read||see common socket:read||2.6.8+
 |-
-||sendto||see common socket:sendto||2.6.8+||
+||sendto||see common socket:sendto||2.6.8+
 |-
-||connect||see common socket:connect||2.6.8+||
+||connect||see common socket:connect||2.6.8+
 |-
-||recvfrom||see common socket:recvfrom||2.6.8+||
+||recvfrom||see common socket:recvfrom||2.6.8+
 |-
-||send_msg||see	common socket:send_msg||2.6.8+||
+||send_msg||see	common socket:send_msg||2.6.8+
 |-
-||bind||see common socket:bind||2.6.8+||
+||bind||see common socket:bind||2.6.8+
 |-
-||lock||see common socket:lock||2.6.8+||
+||lock||see common socket:lock||2.6.8+
 |-
-||ioctl||see common socket:ioctl||2.6.8+||
+||ioctl||see common socket:ioctl||2.6.8+
 |-
-||getattr||see common socket:getattr||2.6.8+||
+||getattr||see common socket:getattr||2.6.8+
 |-
-||write||see common socket:write||2.6.8+||
+||write||see common socket:write||2.6.8+
 |-
-||setopt||see common socket:setopt||2.6.8+||
+||setopt||see common socket:setopt||2.6.8+
 |-
-||getopt||see common socket:getopt||2.6.8+||
+||getopt||see common socket:getopt||2.6.8+
 |-
-||listen||see common socket:listen||2.6.8+||
+||listen||see common socket:listen||2.6.8+
 |-
-||setattr||see common socket:setattr||2.6.8+||
+||setattr||see common socket:setattr||2.6.8+
 |-
-||shutdown||see common socket:shutdown||2.6.8+||
+||shutdown||see common socket:shutdown||2.6.8+
 |-
-||relabelto||see common socket:relabelto||2.6.8+||
+||relabelto||see common socket:relabelto||2.6.8+
 |-
-||recv_msg||see common socket:recv_msg||2.6.8+||
+||recv_msg||see common socket:recv_msg||2.6.8+
 |-
-||accept||see common socket:accept||2.6.8+||
+||accept||see common socket:accept||2.6.8+
 |-
-||name_bind||see common socket:name_bind||2.6.8+||
+||name_bind||see common socket:name_bind||2.6.8+
 |}
 === netlink_tcpdiag_socket ===
-Inherits from: [#commonsocket common socket]
+Inherits from: [[#common socket|common socket]]
 {| border="1"
 ! Permission
 ! Kernel Version/Capability
 |-
-||append||see common socket:append||2.6.8+||
+||append||see common socket:append||2.6.8+
 |-
-||relabelfrom||see common socket:relabelfrom||2.6.8+||
+||relabelfrom||see common socket:relabelfrom||2.6.8+
 |-
-||create||see common socket:create||2.6.8+||
+||create||see common socket:create||2.6.8+
 |-
-||read||see common socket:read||2.6.8+||
+||read||see common socket:read||2.6.8+
 |-
-||sendto||see common socket:sendto||2.6.8+||
+||sendto||see common socket:sendto||2.6.8+
 |-
-||connect||see common socket:connect||2.6.8+||
+||connect||see common socket:connect||2.6.8+
 |-
-||recvfrom||see common socket:recvfrom||2.6.8+||
+||recvfrom||see common socket:recvfrom||2.6.8+
 |-
-||send_msg||see	common socket:send_msg||2.6.8+||
+||send_msg||see	common socket:send_msg||2.6.8+
 |-
-||bind||see common socket:bind||2.6.8+||
+||bind||see common socket:bind||2.6.8+
 |-
-||lock||see common socket:lock||2.6.8+||
+||lock||see common socket:lock||2.6.8+
 |-
-||ioctl||see common socket:ioctl||2.6.8+||
+||ioctl||see common socket:ioctl||2.6.8+
 |-
-||getattr||see common socket:getattr||2.6.8+||
+||getattr||see common socket:getattr||2.6.8+
 |-
-||write||see common socket:write||2.6.8+||
+||write||see common socket:write||2.6.8+
 |-
-||setopt||see common socket:setopt||2.6.8+||
+||setopt||see common socket:setopt||2.6.8+
 |-
-||getopt||see common socket:getopt||2.6.8+||
+||getopt||see common socket:getopt||2.6.8+
 |-
-||listen||see common socket:listen||2.6.8+||
+||listen||see common socket:listen||2.6.8+
 |-
-||setattr||see common socket:setattr||2.6.8+||
+||setattr||see common socket:setattr||2.6.8+
 |-
-||shutdown||see common socket:shutdown||2.6.8+||
+||shutdown||see common socket:shutdown||2.6.8+
 |-
-||relabelto||see common socket:relabelto||2.6.8+||
+||relabelto||see common socket:relabelto||2.6.8+
 |-
-||recv_msg||see common socket:recv_msg||2.6.8+||
+||recv_msg||see common socket:recv_msg||2.6.8+
 |-
-||accept||see common socket:accept||2.6.8+||
+||accept||see common socket:accept||2.6.8+
 |-
-||name_bind||see common socket:name_bind||2.6.8+||
+||name_bind||see common socket:name_bind||2.6.8+
 |-
-||nlmsg_read||Read netlink message.||2.6.8+||
+||nlmsg_read||Read tcp diagnostics.||2.6.8+
 |-
-||nlmsg_write||Write netlink message.||2.6.8+||
+||nlmsg_write||Unused.||2.6.8+
 |}
 === netlink_xfrm_socket ===
-Inherits from: [#commonsocket common socket]
+Inherits from: [[#common socket|common socket]]
 {| border="1"
 ! Permission
 ! Kernel Version/Capability
 |-
-||append||see common socket:append||2.6.8+||
+||append||see common socket:append||2.6.8+
 |-
-||relabelfrom||see common socket:relabelfrom||2.6.8+||
+||relabelfrom||see common socket:relabelfrom||2.6.8+
 |-
-||create||see common socket:create||2.6.8+||
+||create||see common socket:create||2.6.8+
 |-
-||read||see common socket:read||2.6.8+||
+||read||see common socket:read||2.6.8+
 |-
-||sendto||see common socket:sendto||2.6.8+||
+||sendto||see common socket:sendto||2.6.8+
 |-
-||connect||see common socket:connect||2.6.8+||
+||connect||see common socket:connect||2.6.8+
 |-
-||recvfrom||see common socket:recvfrom||2.6.8+||
+||recvfrom||see common socket:recvfrom||2.6.8+
 |-
-||send_msg||see	common socket:send_msg||2.6.8+||
+||send_msg||see	common socket:send_msg||2.6.8+
 |-
-||bind||see common socket:bind||2.6.8+||
+||bind||see common socket:bind||2.6.8+
 |-
-||lock||see common socket:lock||2.6.8+||
+||lock||see common socket:lock||2.6.8+
 |-
-||ioctl||see common socket:ioctl||2.6.8+||
+||ioctl||see common socket:ioctl||2.6.8+
 |-
-||getattr||see common socket:getattr||2.6.8+||
+||getattr||see common socket:getattr||2.6.8+
 |-
-||write||see common socket:write||2.6.8+||
+||write||see common socket:write||2.6.8+
 |-
-||setopt||see common socket:setopt||2.6.8+||
+||setopt||see common socket:setopt||2.6.8+
 |-
-||getopt||see common socket:getopt||2.6.8+||
+||getopt||see common socket:getopt||2.6.8+
 |-
-||listen||see common socket:listen||2.6.8+||
+||listen||see common socket:listen||2.6.8+
 |-
-||setattr||see common socket:setattr||2.6.8+||
+||setattr||see common socket:setattr||2.6.8+
 |-
-||shutdown||see common socket:shutdown||2.6.8+||
+||shutdown||see common socket:shutdown||2.6.8+
 |-
-||relabelto||see common socket:relabelto||2.6.8+||
+||relabelto||see common socket:relabelto||2.6.8+
 |-
-||recv_msg||see common socket:recv_msg||2.6.8+||
+||recv_msg||see common socket:recv_msg||2.6.8+
 |-
-||accept||see common socket:accept||2.6.8+||
+||accept||see common socket:accept||2.6.8+
 |-
-||name_bind||see common socket:name_bind||2.6.8+||
+||name_bind||see common socket:name_bind||2.6.8+
 |-
-||nlmsg_read||Read netlink message.||2.6.8+||
+||nlmsg_read||Read xfrm configuration state.||2.6.8+
 |-
-||nlmsg_write||Write netlink message.||2.6.8+||
+||nlmsg_write||Write xfrm configuration state.||2.6.8+
 |}
 ! Kernel Version/Capability
 |-
-||tcp_recv||Receive TCP packet.||
+||tcp_recv||Receive TCP packet.
 |-
-||tcp_send||Send TCP packet.||
+||tcp_send||Send TCP packet.
 |-
-||udp_recv||Receive UDP packet.||
+||udp_recv||Receive UDP packet.
 |-
-||udp_send||Send UDP packet.||
+||udp_send||Send UDP packet.
 |-
-||rawip_recv||Receive raw IP packet.||
+||rawip_recv||Receive raw IP packet.
 |-
-||rawip_send||Send raw IP packet.||
+||rawip_send||Send raw IP packet.
 |-
-||enforce_dest||Ensure that the destination node can enforce restrictions on the destination socket.||
+||enforce_dest||Ensure that the destination node can enforce restrictions on the destination socket.
 |-
-||dccp_recv||Receive DCCP packet.||2.6.20+||
+||dccp_recv||Receive DCCP packet.||2.6.20+
 |-
-||dccp_send||Send DCCP packet.||2.6.20+||
+||dccp_send||Send DCCP packet.||2.6.20+
 |-
-||recvfrom||||2.6.25+ / network_peer_controls||
+||recvfrom||||2.6.25+ / network_peer_controls
 |-
-||sendto||||2.6.25+ / network_peer_controls||
+||sendto||||2.6.25+ / network_peer_controls
 |}
 ! Kernel Version/Capability
 |-
-||send||Send a packet.||2.6.18+||
+||send||Send a packet.||2.6.18+
 |-
-||receive||Receive a packet.||2.6.18+||
+||receive||Receive a packet.||2.6.18+
 |-
-||relabelto||Set a labeling rule to the specified type.||2.6.18+||
+||relabelto||Set a labeling rule to the specified type.||2.6.18+
 |-
-||flow_in||''Deprecated''||2.6.25+||
+||flow_in||''Deprecated''||2.6.25+
 |-
-||flow_out||''Deprecated''||2.6.25+||
+||flow_out||''Deprecated''||2.6.25+
 |-
-||forward_in||||2.6.25+||
+||forward_in||||2.6.25+
 |-
-||forward_out||||2.6.25+||
+||forward_out||||2.6.25+
 |}
 === packet_socket ===
-Inherits from: [#commonsocket common socket]
+Inherits from: [[#common socket|common socket]]
 {| border="1"
 ! Permission
 ! Kernel Version/Capability
 |-
-||append||see common socket:append||
+||append||see common socket:append
 |-
-||relabelfrom||see common socket:relabelfrom||
+||relabelfrom||see common socket:relabelfrom
 |-
-||create||see common socket:create||
+||create||see common socket:create
 |-
-||read||see common socket:read||
+||read||see common socket:read
 |-
-||sendto||see common socket:sendto||
+||sendto||see common socket:sendto
 |-
-||connect||see common socket:connect||
+||connect||see common socket:connect
 |-
-||recvfrom||see common socket:recvfrom||
+||recvfrom||see common socket:recvfrom
 |-
-||send_msg||see	common socket:send_msg||
+||send_msg||see	common socket:send_msg
 |-
-||bind||see common socket:bind||
+||bind||see common socket:bind
 |-
-||lock||see common socket:lock||
+||lock||see common socket:lock
 |-
-||ioctl||see common socket:ioctl||
+||ioctl||see common socket:ioctl
 |-
-||getattr||see common socket:getattr||
+||getattr||see common socket:getattr
 |-
-||write||see common socket:write||
+||write||see common socket:write
 |-
-||setopt||see common socket:setopt||
+||setopt||see common socket:setopt
 |-
-||getopt||see common socket:getopt||
+||getopt||see common socket:getopt
 |-
-||listen||see common socket:listen||
+||listen||see common socket:listen
 |-
-||setattr||see common socket:setattr||
+||setattr||see common socket:setattr
 |-
-||shutdown||see common socket:shutdown||
+||shutdown||see common socket:shutdown
 |-
-||relabelto||see common socket:relabelto||
+||relabelto||see common socket:relabelto
 |-
-||recv_msg||see common socket:recv_msg||
+||recv_msg||see common socket:recv_msg
 |-
-||accept||see common socket:accept||
+||accept||see common socket:accept
 |-
-||name_bind||see common socket:name_bind||
+||name_bind||see common socket:name_bind
 |}
 ! Kernel Version/Capability
 |-
-||recv||Receive from a labeled networking peer.||2.6.25+ / network_peer_controls||
+||recv||Receive from a labeled networking peer.||2.6.25+ / network_peer_controls
 |}
 ! Kernel Version/Capability
 |-
-||fork||Fork into two processes.||
+||fork||Fork into two processes.
 |-
-||transition||Transition to a new context on exec().||
+||transition||Transition to a new context on exec().
 |-
-||sigchld||Send SIGCHLD signal.||
+||sigchld||Send SIGCHLD signal.
 |-
-||sigkill||Send SIGKILL signal.||
+||sigkill||Send SIGKILL signal.
 |-
-||sigstop||Send SIGSTOP signal||
+||sigstop||Send SIGSTOP signal
 |-
-||signull||Test for exisitence of another process without sending a signal||
+||signull||Test for exisitence of another process without sending a signal
 |-
-||signal||Send a signal other than SIGKILL, SIGSTOP, or SIGCHLD.||
+||signal||Send a signal other than SIGKILL, SIGSTOP, or SIGCHLD.
 |-
-||ptrace||Trace program execution of parent or child.||
+||ptrace||Attach to another process for tracing.
 |-
-||getsched||Get priority of a process.||
+||getsched||Get priority of a process.
 |-
-||setsched||Set priority of a process.||
+||setsched||Set priority of a process.
 |-
-||getsession||Get session ID of another process.||
+||getsession||Get session ID of another process.
 |-
-||getpgid||Get group Process ID of a process.||
+||getpgid||Get group Process ID of a process.
 |-
-||setpgid||Set group Process ID of a process.||
+||setpgid||Set group Process ID of a process.
 |-
-||getcap||Get Linux capabilities.||
+||getcap||Get Linux capabilities.
 |-
-||setcap||Set Linux capabilities.||
+||setcap||Set Linux capabilities.
 |-
-||share||Allow state sharing with cloned or forked process.||
+||share||Allow state sharing with cloned or forked process.
 |-
-||getattr||Get attributes of a file.||
+||getattr||Get attributes of a file.
 |-
-||setexec||Override the default context for the next exec().||
+||setexec||Override the default context for the next exec().
 |-
-||setfscreate||Override the default context for file creation.||
+||setfscreate||Override the default context for file creation.
 |-
-||setrlimit||Change process hard limits.||
+||setrlimit||Change process hard limits.
 |-
-||noatsecure||Disable secure mode environment cleansing (AT_SECURE).||v.16+||
+||noatsecure||Disable secure mode environment cleansing (AT_SECURE).||v.16+
 |-
-||siginh||Inherit signal state from old sid.||v.16+||
+||siginh||Inherit signal state from caller.||v.16+
 |-
-||rlimitinh||Inherit resource limits from old sid.||v.16+||
+||rlimitinh||Inherit resource limits from caller.||v.16+
 |-
-||dyntransition||Dynamically transition to a new context.||2.6.11+||
+||dyntransition||Dynamically transition to a new context.||2.6.11+
 |-
-||setcurrent||Set the current process context.||2.6.11+||
+||setcurrent||Set the current process context.||2.6.11+
 |-
-||execmem||Make executable an anonymous mapping or private file mapping that is writable.||2.6.13+||
+||execmem||Make executable an anonymous mapping or private file mapping that is writable.||2.6.13+
 |-
-||execstack||Make the main process stack executable.||2.6.13+||
+||execstack||Make the main process stack executable.||2.6.13+
 |-
-||execheap||Make the heap executable.||2.6.13+||
+||execheap||Make the heap executable.||2.6.13+
 |-
-||setkeycreate||Override the default context for key creation.||2.6.18+||
+||setkeycreate||Override the default context for key creation.||2.6.18+
 |-
-||setsockcreate||Override the default context for socket creation.||2.6.18+||
+||setsockcreate||Override the default context for socket creation.||2.6.18+
 |}
 === rawip_socket ===
-Inherits from: [#commonsocket common socket]
+Inherits from: [[#common socket|common socket]]
 {| border="1"
 ! Permission
 ! Kernel Version/Capability
 |-
-||append||see common socket:append||
+||append||see common socket:append
 |-
-||relabelfrom||see common socket:relabelfrom||
+||relabelfrom||see common socket:relabelfrom
 |-
-||create||see common socket:create||
+||create||see common socket:create
 |-
-||read||see common socket:read||
+||read||see common socket:read
 |-
-||sendto||see common socket:sendto||
+||sendto||see common socket:sendto
 |-
-||connect||see common socket:connect||
+||connect||see common socket:connect
 |-
-||recvfrom||see common socket:recvfrom||
+||recvfrom||see common socket:recvfrom
 |-
-||send_msg||see	common socket:send_msg||
+||send_msg||see	common socket:send_msg
 |-
-||bind||see common socket:bind||
+||bind||see common socket:bind
 |-
-||lock||see common socket:lock||
+||lock||see common socket:lock
 |-
-||ioctl||see common socket:ioctl||
+||ioctl||see common socket:ioctl
 |-
-||getattr||see common socket:getattr||
+||getattr||see common socket:getattr
 |-
-||write||see common socket:write||
+||write||see common socket:write
 |-
-||setopt||see common socket:setopt||
+||setopt||see common socket:setopt
 |-
-||getopt||see common socket:getopt||
+||getopt||see common socket:getopt
 |-
-||listen||see common socket:listen||
+||listen||see common socket:listen
 |-
-||setattr||see common socket:setattr||
+||setattr||see common socket:setattr
 |-
-||shutdown||see common socket:shutdown||
+||shutdown||see common socket:shutdown
 |-
-||relabelto||see common socket:relabelto||
+||relabelto||see common socket:relabelto
 |-
-||recv_msg||see common socket:recv_msg||
+||recv_msg||see common socket:recv_msg
 |-
-||accept||see common socket:accept||
+||accept||see common socket:accept
 |-
-||name_bind||see common socket:name_bind||
+||name_bind||see common socket:name_bind
 |-
-||node_bind||Ability to bind to a node.||v.17+||
+||node_bind||Ability to bind to a node.||v.17+
 |}
 ! Kernel Version/Capability
 |-
-||compute_user||Get user info in selinuxfs.||
+||compute_user||Get user info in selinuxfs.
 |-
-||compute_relabel||Get relabel info in selinuxfs.||
+||compute_relabel||Get relabel info in selinuxfs.
 |-
-||compute_create||Get create info in selinuxfs.||
+||compute_create||Get create info in selinuxfs.
 |-
-||compute_av||Compute an access vector given a source/target/class.||
+||compute_av||Compute an access vector given a source/target/class.
 |-
-||compute_member||Determines the context to use when selecting a member of a polyinstantiated object.||
+||compute_member||Determines the context to use when selecting a member of a polyinstantiated object.
 |-
-||setenforce||Change the enforcement state of SELinux.||
+||setenforce||Change the enforcement state of SELinux.
 |-
-||check_context||Write context in selinuxfs.||
+||check_context||Write context in selinuxfs.
 |-
-||load_policy||Load the security policy.||
+||load_policy||Load the security policy.
 |-
-||setbool||Set a boolean value.||2.6.5+||
+||setbool||Set a boolean value.||2.6.5+
 |-
-||setsecparam||Set kernel access vector cache tuning parameters.||2.6.11+||
+||setsecparam||Set kernel access vector cache tuning parameters.||2.6.11+
 |-
-||setcheckreqprot||Set if SELinux will check original protection mode or modified protection mode (read-implies-exec) for mmap/mprotect.||2.6.12+||
+||setcheckreqprot||Set if SELinux will check original protection mode or modified protection mode (read-implies-exec) for mmap/mprotect.||2.6.12+
 |}
 === sem ===
-Inherits from: [#commonipc common ipc]
+Inherits from: [[#common ipc|common ipc]]
 {| border="1"
 ! Permission
 ! Kernel Version/Capability
 |-
-||write||see common ipc:write||
+||write||see common ipc:write
 |-
-||destroy||see common ipc:destroy||
+||destroy||see common ipc:destroy
 |-
-||unix_write||see common ipc:unix_write||
+||unix_write||see common ipc:unix_write
 |-
-||getattr||see common ipc:getattr||
+||getattr||see common ipc:getattr
 |-
-||create||see common ipc:create||
+||create||see common ipc:create
 |-
-||read||see common ipc:read||
+||read||see common ipc:read
 |-
-||setattr||see common ipc:setattr||
+||setattr||see common ipc:setattr
 |-
-||unix_read||see common ipc:unix_read||
+||unix_read||see common ipc:unix_read
 |-
-||associate||see common ipc:associate||
+||associate||see common ipc:associate
 |}
 === shm ===
-Inherits from: [#commonipc common ipc]
+Inherits from: [[#common ipc|common ipc]]
 {| border="1"
 ! Permission
 ! Kernel Version/Capability
 |-
-||write||see common ipc:write||
+||write||see common ipc:write
 |-
-||destroy||see common ipc:destroy||
+||destroy||see common ipc:destroy
 |-
-||unix_write||see common ipc:unix_write||
+||unix_write||see common ipc:unix_write
 |-
-||getattr||see common ipc:getattr||
+||getattr||see common ipc:getattr
 |-
-||create||see common ipc:create||
+||create||see common ipc:create
 |-
-||read||see common ipc:read||
+||read||see common ipc:read
 |-
-||setattr||see common ipc:setattr||
+||setattr||see common ipc:setattr
 |-
-||unix_read||see common ipc:unix_read||
+||unix_read||see common ipc:unix_read
 |-
-||associate||see common ipc:associate||
+||associate||see common ipc:associate
 |-
-||lock||(Un)lock page(s) in memory.||
+||lock||(Un)lock page(s) in memory.
 |}
 === sock_file ===
-Inherits from: [#commonfile common file]
+Inherits from: [[#common file|common file]]
 {| border="1"
 ! Permission
 ! Kernel Version/Capability
 |-
-||getattr||see common file:getattr||
+||getattr||see common file:getattr
 |-
-||relabelto||see common file:relabelto||
+||relabelto||see common file:relabelto
 |-
-||unlink||see common file:unlink||
+||unlink||see common file:unlink
 |-
-||ioctl||see common file:ioctl||
+||ioctl||see common file:ioctl
 |-
-||execute||see common file:execute||
+||execute||see common file:execute
 |-
-||append||see common file:append||
+||append||see common file:append
 |-
-||read||see common file:read||
+||read||see common file:read
 |-
-||setattr||see common file:setattr||
+||setattr||see common file:setattr
 |-
-||swapon||see common file:swapon||
+||swapon||see common file:swapon
 |-
-||write||see common file:write||
+||write||see common file:write
 |-
-||lock||see common file:lock||
+||lock||see common file:lock
 |-
-||create||see common file:create||
+||create||see common file:create
 |-
-||rename||see common file:rename||
+||rename||see common file:rename
 |-
-||mounton||see common file:mounton||
+||mounton||see common file:mounton
 |-
-||quotaon||see common file:quotaon||
+||quotaon||see common file:quotaon
 |-
-||relabelfrom||see common file:relabelfrom||
+||relabelfrom||see common file:relabelfrom
 |-
-||link||see common file:link||
+||link||see common file:link
 |-
-||open||Open a named socket file.||2.6.26+ / open_perms||
+||open||Open a named socket file.||2.6.26+ / open_perms
 |}
 === socket ===
-Inherits from: [#commonsocket common socket]
+Inherits from: [[#common socket|common socket]]
 {| border="1"
 ! Permission
 ! Kernel Version/Capability
 |-
-||append||see common socket:append||
+||append||see common socket:append
 |-
-||relabelfrom||see common socket:relabelfrom||
+||relabelfrom||see common socket:relabelfrom
 |-
-||create||see common socket:create||
+||create||see common socket:create
 |-
-||read||see common socket:read||
+||read||see common socket:read
 |-
-||sendto||see common socket:sendto||
+||sendto||see common socket:sendto
 |-
-||connect||see common socket:connect||
+||connect||see common socket:connect
 |-
-||recvfrom||see common socket:recvfrom||
+||recvfrom||see common socket:recvfrom
 |-
-||send_msg||see	common socket:send_msg||
+||send_msg||see	common socket:send_msg
 |-
-||bind||see common socket:bind||
+||bind||see common socket:bind
 |-
-||lock||see common socket:lock||
+||lock||see common socket:lock
 |-
-||ioctl||see common socket:ioctl||
+||ioctl||see common socket:ioctl
 |-
-||getattr||see common socket:getattr||
+||getattr||see common socket:getattr
 |-
-||write||see common socket:write||
+||write||see common socket:write
 |-
-||setopt||see common socket:setopt||
+||setopt||see common socket:setopt
 |-
-||getopt||see common socket:getopt||
+||getopt||see common socket:getopt
 |-
-||listen||see common socket:listen||
+||listen||see common socket:listen
 |-
-||setattr||see common socket:setattr||
+||setattr||see common socket:setattr
 |-
-||shutdown||see common socket:shutdown||
+||shutdown||see common socket:shutdown
 |-
-||relabelto||see common socket:relabelto||
+||relabelto||see common socket:relabelto
 |-
-||recv_msg||see common socket:recv_msg||
+||recv_msg||see common socket:recv_msg
 |-
-||accept||see common socket:accept||
+||accept||see common socket:accept
 |-
-||name_bind||see common socket:name_bind||
+||name_bind||see common socket:name_bind
 |}
 ! Kernel Version/Capability
 |-
-||ipc_info||Get info for an ipc socket.||
+||ipc_info||Get info for an ipc socket.
 |-
-||syslog_mod||Perform syslog operation other than syslog_read or console logging.||
+||syslog_mod||Perform syslog operation other than syslog_read or console logging.
 |-
-||syslog_read||Perform syslog read.||
+||syslog_read||Perform syslog read.
 |-
-||syslog_console||Perform syslog console.||
+||syslog_console||Perform syslog console.
 |}
 === tcp_socket ===
-Inherits from: [#commonsocket common socket]
+Inherits from: [[#common socket|common socket]]
 {| border="1"
 ! Permission
 ! Kernel Version/Capability
 |-
-||append||see common socket:append||
+||append||see common socket:append
 |-
-||relabelfrom||see common socket:relabelfrom||
+||relabelfrom||see common socket:relabelfrom
 |-
-||create||see common socket:create||
+||create||see common socket:create
 |-
-||read||see common socket:read||
+||read||see common socket:read
 |-
-||sendto||see common socket:sendto||
+||sendto||see common socket:sendto
 |-
-||connect||see common socket:connect||
+||connect||see common socket:connect
 |-
-||recvfrom||see common socket:recvfrom||
+||recvfrom||see common socket:recvfrom
 |-
-||send_msg||see	common socket:send_msg||
+||send_msg||see	common socket:send_msg
 |-
-||bind||see common socket:bind||
+||bind||see common socket:bind
 |-
-||lock||see common socket:lock||
+||lock||see common socket:lock
 |-
-||ioctl||see common socket:ioctl||
+||ioctl||see common socket:ioctl
 |-
-||getattr||see common socket:getattr||
+||getattr||see common socket:getattr
 |-
-||write||see common socket:write||
+||write||see common socket:write
 |-
-||setopt||see common socket:setopt||
+||setopt||see common socket:setopt
 |-
-||getopt||see common socket:getopt||
+||getopt||see common socket:getopt
 |-
-||listen||see common socket:listen||
+||listen||see common socket:listen
 |-
-||setattr||see common socket:setattr||
+||setattr||see common socket:setattr
 |-
-||shutdown||see common socket:shutdown||
+||shutdown||see common socket:shutdown
 |-
-||relabelto||see common socket:relabelto||
+||relabelto||see common socket:relabelto
 |-
-||recv_msg||see common socket:recv_msg||
+||recv_msg||see common socket:recv_msg
 |-
-||accept||see common socket:accept||
+||accept||see common socket:accept
 |-
-||name_bind||see common socket:name_bind||
+||name_bind||see common socket:name_bind
 |-
-||connectto||Connect to server socket.||
+||connectto||Connect to server socket.
 |-
-||newconn||Create new socket for connection.||
+||newconn||Create new socket for connection.
 |-
-||acceptfrom||Accept connection from client socket.||
+||acceptfrom||Accept connection from client socket.
 |-
-||node_bind||Ability to bind to a node.||2.6.2+||
+||node_bind||Ability to bind to a node.||2.6.2+
 |-
-||name_connect||Connect to a specific port number.||2.6.12+||
+||name_connect||Connect to a specific port number.||2.6.12+
+|}
+=== tun_socket ===
+Inherits from: [[#common socket|common socket]]
+{| border="1"
+! Permission
+! Description
+! Kernel Version/Capability
+|-
+||append||see common socket:append||2.6.32+
+|-
+||relabelfrom||see common socket:relabelfrom||2.6.32+
+|-
+||create||see common socket:create||2.6.32+
+|-
+||read||see common socket:read||2.6.32+
+|-
+||sendto||see common socket:sendto||2.6.32+
+|-
+||connect||see common socket:connect||2.6.32+
+|-
+||recvfrom||see common socket:recvfrom||2.6.32+
+|-
+||send_msg||see	common socket:send_msg||2.6.32+
+|-
+||bind||see common socket:bind||2.6.32+
+|-
+||lock||see common socket:lock||2.6.32+
+|-
+||ioctl||see common socket:ioctl||2.6.32+
+|-
+||getattr||see common socket:getattr||2.6.32+
+|-
+||write||see common socket:write||2.6.32+
+|-
+||setopt||see common socket:setopt||2.6.32+
+|-
+||getopt||see common socket:getopt||2.6.32+
+|-
+||listen||see common socket:listen||2.6.32+
+|-
+||setattr||see common socket:setattr||2.6.32+
+|-
+||shutdown||see common socket:shutdown||2.6.32+
+|-
+||relabelto||see common socket:relabelto||2.6.32+
+|-
+||recv_msg||see common socket:recv_msg||2.6.32+
+|-
+||accept||see common socket:accept||2.6.32+
+|-
+||name_bind||see common socket:name_bind||2.6.32+
 |}
 === udp_socket ===
-Inherits from: [#commonsocket common socket]
+Inherits from: [[#common socket|common socket]]
 {| border="1"
 ! Permission
 ! Kernel Version/Capability
 |-
-||append||see common socket:append||
+||append||see common socket:append
 |-
-||relabelfrom||see common socket:relabelfrom||
+||relabelfrom||see common socket:relabelfrom
 |-
-||create||see common socket:create||
+||create||see common socket:create
 |-
-||read||see common socket:read||
+||read||see common socket:read
 |-
-||sendto||see common socket:sendto||
+||sendto||see common socket:sendto
 |-
-||connect||see common socket:connect||
+||connect||see common socket:connect
 |-
-||recvfrom||see common socket:recvfrom||
+||recvfrom||see common socket:recvfrom
 |-
-||send_msg||see	common socket:send_msg||
+||send_msg||see	common socket:send_msg
 |-
-||bind||see common socket:bind||
+||bind||see common socket:bind
 |-
-||lock||see common socket:lock||
+||lock||see common socket:lock
 |-
-||ioctl||see common socket:ioctl||
+||ioctl||see common socket:ioctl
 |-
-||getattr||see common socket:getattr||
+||getattr||see common socket:getattr
 |-
-||write||see common socket:write||
+||write||see common socket:write
 |-
-||setopt||see common socket:setopt||
+||setopt||see common socket:setopt
 |-
-||getopt||see common socket:getopt||
+||getopt||see common socket:getopt
 |-
-||listen||see common socket:listen||
+||listen||see common socket:listen
 |-
-||setattr||see common socket:setattr||
+||setattr||see common socket:setattr
 |-
-||shutdown||see common socket:shutdown||
+||shutdown||see common socket:shutdown
 |-
-||relabelto||see common socket:relabelto||
+||relabelto||see common socket:relabelto
 |-
-||recv_msg||see common socket:recv_msg||
+||recv_msg||see common socket:recv_msg
 |-
-||accept||see common socket:accept||
+||accept||see common socket:accept
 |-
-||name_bind||see common socket:name_bind||
+||name_bind||see common socket:name_bind
 |-
-||node_bind||Ability to bind to a node.||2.6.2+||
+||node_bind||Ability to bind to a node.||2.6.2+
 |}
 === unix_dgram_socket ===
-Inherits from: [#commonsocket common socket]
+Inherits from: [[#common socket|common socket]]
 {| border="1"
 ! Permission
 ! Kernel Version/Capability
 |-
-||append||see common socket:append||
+||append||see common socket:append
 |-
-||relabelfrom||see common socket:relabelfrom||
+||relabelfrom||see common socket:relabelfrom
 |-
-||create||see common socket:create||
+||create||see common socket:create
 |-
-||read||see common socket:read||
+||read||see common socket:read
 |-
-||sendto||see common socket:sendto||
+||sendto||see common socket:sendto
 |-
-||connect||see common socket:connect||
+||connect||see common socket:connect
 |-
-||recvfrom||see common socket:recvfrom||
+||recvfrom||see common socket:recvfrom
 |-
-||send_msg||see	common socket:send_msg||
+||send_msg||see	common socket:send_msg
 |-
-||bind||see common socket:bind||
+||bind||see common socket:bind
 |-
-||lock||see common socket:lock||
+||lock||see common socket:lock
 |-
-||ioctl||see common socket:ioctl||
+||ioctl||see common socket:ioctl
 |-
-||getattr||see common socket:getattr||
+||getattr||see common socket:getattr
 |-
-||write||see common socket:write||
+||write||see common socket:write
 |-
-||setopt||see common socket:setopt||
+||setopt||see common socket:setopt
 |-
-||getopt||see common socket:getopt||
+||getopt||see common socket:getopt
 |-
-||listen||see common socket:listen||
+||listen||see common socket:listen
 |-
-||setattr||see common socket:setattr||
+||setattr||see common socket:setattr
 |-
-||shutdown||see common socket:shutdown||
+||shutdown||see common socket:shutdown
 |-
-||relabelto||see common socket:relabelto||
+||relabelto||see common socket:relabelto
 |-
-||recv_msg||see common socket:recv_msg||
+||recv_msg||see common socket:recv_msg
 |-
-||accept||see common socket:accept||
+||accept||see common socket:accept
 |-
-||name_bind||see common socket:name_bind||
+||name_bind||see common socket:name_bind
 |}
 === unix_stream_socket ===
-Inherits from: [#commonsocket common socket]
+Inherits from: [[#common socket|common socket]]
 {| border="1"
 ! Permission
 ! Kernel Version/Capability
 |-
-||append||see common socket:append||
+||append||see common socket:append
 |-
-||relabelfrom||see common socket:relabelfrom||
+||relabelfrom||see common socket:relabelfrom
 |-
-||create||see common socket:create||
+||create||see common socket:create
 |-
-||read||see common socket:read||
+||read||see common socket:read
 |-
-||sendto||see common socket:sendto||
+||sendto||see common socket:sendto
 |-
-||connect||see common socket:connect||
+||connect||see common socket:connect
 |-
-||recvfrom||see common socket:recvfrom||
+||recvfrom||see common socket:recvfrom
 |-
-||send_msg||see	common socket:send_msg||
+||send_msg||see	common socket:send_msg
 |-
-||bind||see common socket:bind||
+||bind||see common socket:bind
 |-
-||lock||see common socket:lock||
+||lock||see common socket:lock
 |-
-||ioctl||see common socket:ioctl||
+||ioctl||see common socket:ioctl
 |-
-||getattr||see common socket:getattr||
+||getattr||see common socket:getattr
 |-
-||write||see common socket:write||
+||write||see common socket:write
 |-
-||setopt||see common socket:setopt||
+||setopt||see common socket:setopt
 |-
-||getopt||see common socket:getopt||
+||getopt||see common socket:getopt
 |-
-||listen||see common socket:listen||
+||listen||see common socket:listen
 |-
-||setattr||see common socket:setattr||
+||setattr||see common socket:setattr
 |-
-||shutdown||see common socket:shutdown||
+||shutdown||see common socket:shutdown
 |-
-||relabelto||see common socket:relabelto||
+||relabelto||see common socket:relabelto
 |-
-||recv_msg||see common socket:recv_msg||
+||recv_msg||see common socket:recv_msg
 |-
-||accept||see common socket:accept||
+||accept||see common socket:accept
 |-
-||name_bind||see common socket:name_bind||
+||name_bind||see common socket:name_bind
 |-
-||connectto||Connect to server socket.||
+||connectto||Connect to server socket.
 |-
-||newconn||Create new socket for connection.||
+||newconn||Create new socket for connection.
 |-
-||acceptfrom||Accept connection from client socket.||
+||acceptfrom||Accept connection from client socket.
 |}
 == Database Object Classes ==
 === db_blob ===
-Inherits from: [#commondatabase common database]
+Inherits from: [[#common database|common database]]
 {| border="1"
 ! Permission
 ! Description
 |-
-||read||Read a blob.||
+||read||Read a blob.
 |-
-||write||Write a blob.||
+||write||Write a blob.
 |-
-||import||Import a blob.||
+||import||Import a blob.
 |-
-||export||Export a blob.||
+||export||Export a blob.
 |}
 === db_column ===
-Inherits from: [#commondatabase common database]
+Inherits from: [[#common database|common database]]
 {| border="1"
 ! Permission
 ! Description
 |-
-||use||''Deprecated''||
+||use||''Deprecated''
 |-
-||select||
+||select
 |-
-||update||
+||update
 |-
-||insert||
+||insert
 |}
 === db_database ===
-Inherits from: [#commondatabase common database]
+Inherits from: [[#common database|common database]]
 {| border="1"
 ! Permission
 ! Description
 |-
-||access||
+||access
 |-
-||install_module||
+||install_module
 |-
-||load_module||
+||load_module
 |-
-||get_param||''Deprecated''||
+||get_param||''Deprecated''
 |-
-||set_param||''Deprecated''||
+||set_param||''Deprecated''
 |}
 === db_procedure ===
-Inherits from: [#commondatabase common database]
+Inherits from: [[#common database|common database]]
 {| border="1"
 ! Permission
 ! Description
 |-
-||execute||Execute a stored procedure.||
+||execute||Execute a stored procedure.
 |-
-||entrypoint||
+||entrypoint
 |-
-||install||
+||install
 |}
 === db_table ===
-Inherits from: [#commondatabase common database]
+Inherits from: [[#common database|common database]]
 {| border="1"
 ! Permission
 ! Description
 |-
-||use||''Deprecated''||
+||use||''Deprecated''
 |-
-||select||
+||select
 |-
-||update||
+||update
 |-
-||insert||
+||insert
 |-
-||delete||
+||delete
 |-
-||lock||
+||lock
 |}
 ! Description
 |-
-||relabelfrom||
+||relabelfrom
 |-
-||relabelto||
+||relabelto
 |-
-||use||''Deprecated''||
+||use||''Deprecated''
 |-
-||select||
+||select
 |-
-||update||
+||update
 |-
-||insert||
+||insert
 |-
-||delete||
+||delete
 |}
 ! Description
 |-
-||acquire_svc||
+||acquire_svc
 |-
-||send_msg||Send a message on the bus.||
+||send_msg||Send a message on the bus.
 |}
 ! Description
 |-
-||translate||Translate a raw MLS label.||
+||translate||Translate a raw MLS label.
 |-
-||contains||Calculate a MLS subset.||
+||contains||Calculate a MLS subset.
 |}
 ! Description
 |-
-||getpwd||
+||getpwd
 |-
-||getgrp||
+||getgrp
 |-
-||gethost||
+||gethost
 |-
-||getstat||
+||getstat
 |-
-||admin||
+||admin
 |-
-||shmempwd||
+||shmempwd
 |-
-||shmemgrp||
+||shmemgrp
 |-
-||shmemhost||
+||shmemhost
 |-
-||getserv||
+||getserv
 |-
-||shmemserv||
+||shmemserv
 |}
 ! Description
 |-
-||passwd||Update user password.||
+||passwd||Update user password.
 |-
-||chfn||Change finger information. e.g real name, work room and phone and home phone.||
+||chfn||Change finger information. e.g real name, work room and phone and home phone.
 |-
-||chsh||Change login shell.||
+||chsh||Change login shell.
 |-
-||rootok||Allow update if the user is root and the process has the rootok PAM permission.||
+||rootok||Allow update if the user is root and the process has the rootok PAM permission.
 |-
-||crontab||crontab on another user.||
+||crontab||crontab on another user.
 |}
 ! Description
 |-
-||paste||
+||paste
 |-
-||paste_after_confirm||
+||paste_after_confirm
 |-
-||copy||
+||copy
 |}
 ! Description
 |-
-||destroy||Close down a client.||
+||destroy||Close down a client.
 |-
-||getattr||Get the attributes of an X client||
+||getattr||Get the attributes of an X client
 |-
-||setattr||Set the attributes of an X client||
+||setattr||Set the attributes of an X client
 |-
-||manage||
+||manage
 |}
 ! Description
 |-
-||create||Create a new Colormap.||
+||create||Create a new Colormap.
 |-
-||destroy||Free a Colormap.||
+||destroy||Free a Colormap.
 |-
-||read||Read color cells of colormap.||
+||read||Read color cells of colormap.
 |-
-||write||
+||write
 |-
-||getattr||Get the color gamut of a screen.||
+||getattr||Get the color gamut of a screen.
 |-
-||add_color||
+||add_color
 |-
-||remove_color||
+||remove_color
 |-
-||install||Copy a virtual colormap into the display hardware.||
+||install||Copy a virtual colormap into the display hardware.
 |-
-||uninstall||Remove a virtual colormap from the display hardware.||
+||uninstall||Remove a virtual colormap from the display hardware.
 |-
-||use||
+||use
 |}
 ! Description
 |-
-||create||Create an arbitrary cursor object.||
+||create||Create an arbitrary cursor object.
 |-
-||destroy||Delete a cursor object.||
+||destroy||Delete a cursor object.
 |-
-||read||
+||read
 |-
-||write||
+||write
 |-
-||getattr||Get attributes of the cursor.||
+||getattr||Get attributes of the cursor.
 |-
-||setattr||Set attributes of the cursor.||
+||setattr||Set attributes of the cursor.
 |-
-||use||Associate a cursor object with a window.||
+||use||Associate a cursor object with a window.
 |}
 === x_device ===
+Inherits from: [[#common x_device|common x_device]]
 {| border="1"
 ! Permission
 ! Description
 |-
-||getattr||
+||getattr||see common x_device: getattr
 |-
-||setattr||
+||setattr||see common x_device: setattr
 |-
-||use||
+||use||see common x_device: use
 |-
-||read||
+||read||see common x_device: read
 |-
-||write||
+||write||see common x_device: write
 |-
-||getfocus||
+||getfocus||see common x_device: getfocus
 |-
-||setfocus||
+||setfocus||see common x_device: setfocus
 |-
-||bell||
+||bell||see common x_device: bell
 |-
-||force_cursor||
+||force_cursor||see common x_device: force_cursor
 |-
-||freeze||
+||freeze||see common x_device: freeze
 |-
-||grab||
+||grab||see common x_device: grab
 |-
-||manage||
+||manage||see common x_device: manage
 |-
-||list_property||
+||list_property||see common x_device: list_property
 |-
-||get_property||
+||get_property||see common x_device: get_property
 |-
-||set_property||
+||set_property||see common x_device: set_property
 |-
-||add||
+||add||see common x_device: add
 |-
-||remove||
+||remove||see common x_device: remove
 |}
 ! Description
 |-
-||create||Create a Drawable object.||
+||create||Create a Drawable object.
 |-
-||destroy||Destroy a Drawable.||
+||destroy||Destroy a Drawable.
 |-
-||read||
+||read
 |-
-||write||
+||write
 |-
-||blend||
+||blend
 |-
-||getattr||Get attributes of a Drawable object||
+||getattr||Get attributes of a Drawable object
 |-
-||setattr||Set attributes of a Drawable object||
+||setattr||Set attributes of a Drawable object
 |-
-||list_child||
+||list_child
 |-
-||add_child||
+||add_child
 |-
-||remove_child||
+||remove_child
 |-
-||list_property||
+||list_property
 |-
-||get_property||
+||get_property
 |-
-||set_property||
+||set_property
 |-
-||manage||
+||manage
 |-
-||override||
+||override
 |-
-||show||
+||show
 |-
-||hide||
+||hide
 |-
-||send||
+||send
 |-
-||receive||
+||receive
 |}
 ! Description
 |-
-||send||
+||send
 |-
-||receive||
+||receive
 |}
 ! Description
 |-
-||query||
+||query
 |-
-||use||
+||use
 |}
 ! Description
 |-
-||create||Load a font.||
+||create||Load a font.
 |-
-||destroy||Free (dereference) a font.||
+||destroy||Free (dereference) a font.
 |-
-||getattr||Obtain font names, path, etc.||
+||getattr||Obtain font names, path, etc.
 |-
-||add_glyph||
+||add_glyph
 |-
-||remove_glyph||
+||remove_glyph
 |-
-||use||Use a font for drawing.||
+||use||Use a font for drawing.
 |}
 ! Description
 |-
-||create||Create Graphic Contexts object.||
+||create||Create Graphic Contexts object.
+|-
+||destroy||Free (dereference) a Graphics Contexts object.
+|-
+||getattr||Get attributes for Graphic Contexts object.
+|-
+||setattr||Set attributes for Graphic Contexts object.
+|-
+||use
+|}
+=== x_keyboard ===
+Inherits from: [[#common x_device|common x_device]]
+{| border="1"
+! Permission
+! Description
+|-
+||getattr||see common x_device: getattr
+|-
+||setattr||see common x_device: setattr
+|-
+||use||see common x_device: use
+|-
+||read||see common x_device: read
+|-
+||write||see common x_device: write
+|-
+||getfocus||see common x_device: getfocus
+|-
+||setfocus||see common x_device: setfocus
+|-
+||bell||see common x_device: bell
+|-
+||force_cursor||see common x_device: force_cursor
+|-
+||freeze||see common x_device: freeze
+|-
+||grab||see common x_device: grab
+|-
+||manage||see common x_device: manage
+|-
+||list_property||see common x_device: list_property
+|-
+||get_property||see common x_device: get_property
+|-
+||set_property||see common x_device: set_property
+|-
+||add||see common x_device: add
+|-
+||remove||see common x_device: remove
+|}
+=== x_pointer ===
+Inherits from: [[#common x_device|common x_device]]
+{| border="1"
+! Permission
+! Description
+|-
+||getattr||see common x_device: getattr
+|-
+||setattr||see common x_device: setattr
+|-
+||use||see common x_device: use
+|-
+||read||see common x_device: read
+|-
+||write||see common x_device: write
+|-
+||getfocus||see common x_device: getfocus
+|-
+||setfocus||see common x_device: setfocus
+|-
+||bell||see common x_device: bell
+|-
+||force_cursor||see common x_device: force_cursor
+|-
+||freeze||see common x_device: freeze
+|-
+||grab||see common x_device: grab
+|-
+||manage||see common x_device: manage
+|-
+||list_property||see common x_device: list_property
 |-
-||destroy||Free (dereference) a Graphics Contexts object.||
+||get_property||see common x_device: get_property
 |-
-||getattr||Get attributes for Graphic Contexts object.||
+||set_property||see common x_device: set_property
 |-
-||setattr||Set attributes for Graphic Contexts object.||
+||add||see common x_device: add
 |-
-||use||
+||remove||see common x_device: remove
 |}
 ! Description
 |-
-||create||Create property object.||
+||create||Create property object.
 |-
-||destroy||Free (dereference) a property object.||
+||destroy||Free (dereference) a property object.
 |-
-||read||Read a property.||
+||read||Read a property.
 |-
-||write||Write a property.||
+||write||Write a property.
 |-
-||append||Append a property.||
+||append||Append a property.
 |-
-||getattr||Get the attributes of a property.||
+||getattr||Get the attributes of a property.
 |-
-||setattr||Set the attributes of a property.||
+||setattr||Set the attributes of a property.
 |}
 ! Description
 |-
-||read||
+||read
 |-
-||write||
+||write
 |}
 ! Description
 |-
-||getattr||
+||getattr
 |-
-||setattr||
+||setattr
 |-
-||hide_cursor||
+||hide_cursor
 |-
-||show_cursor||
+||show_cursor
 |-
-||saver_getattr||
+||saver_getattr
 |-
-||saver_setattr||
+||saver_setattr
 |-
-||saver_hide||
+||saver_hide
 |-
-||saver_show||
+||saver_show
 |}
 ! Description
 |-
-||read||
+||read
 |-
-||write||
+||write
 |-
-||getattr||
+||getattr
 |-
-||setattr||
+||setattr
 |}
 ! Description
 |-
-||getattr||
+||getattr
 |-
-||setattr||
+||setattr
 |-
-||record||
+||record
 |-
-||debug||
+||debug
 |-
-||grab||
+||grab
 |-
-||manage||
+||manage
 |}
 ! Description
 |-
-||send||
+||send
 |-
-||receive||
+||receive
 |}

ObjectClassesPerms

From SELinux Wiki

Current revision

Contents

[edit] SELinux Object Classes and Permissions Reference

[edit] Common Permission Sets

[edit] common database

[edit] common file

[edit] common ipc

[edit] common socket

[edit] common x_device

[edit] Kernel Object Classes

[edit] appletalk_socket

[edit] association

[edit] blk_file

[edit] capability

[edit] capability2

[edit] chr_file

[edit] dccp_socket

[edit] dir

[edit] fd

[edit] fifo_file

[edit] file

[edit] filesystem

[edit] ipc

[edit] kernel_service

[edit] key

[edit] key_socket

[edit] lnk_file

[edit] memprotect

[edit] msg

[edit] msgq

[edit] netif

[edit] netlink_socket

[edit] netlink_audit_socket

[edit] netlink_dnrt_socket

[edit] netlink_firewall_socket

[edit] netlink_ip6fw_socket

[edit] netlink_kobject_uevent_socket

[edit] netlink_nflog_socket

[edit] netlink_route_socket

[edit] netlink_selinux_socket

[edit] netlink_tcpdiag_socket

[edit] netlink_xfrm_socket

[edit] node

[edit] packet

[edit] packet_socket

[edit] peer

[edit] process

[edit] rawip_socket

[edit] security

[edit] sem

[edit] shm

[edit] sock_file

[edit] socket

[edit] system

[edit] tcp_socket

[edit] tun_socket

[edit] udp_socket

[edit] unix_dgram_socket

[edit] unix_stream_socket

[edit] Database Object Classes

[edit] db_blob

[edit] db_column

[edit] db_database

[edit] db_procedure

[edit] db_table

[edit] db_tuple

[edit] DBus Object Classes

[edit] dbus

[edit] MLS Context Translation Object Classes

[edit] context

[edit] NSCD Object Classes

[edit] nscd

[edit] Password Object Classes

[edit] passwd

[edit] X Server Object Classes

[edit] x_application_data

[edit] x_client

[edit] x_colormap