Layer: system

Module: systemd

Tunables Interfaces

Description:

Systemd components (not PID 1)

Tunables:

systemd_nspawn_labeled_namespace

Default value

false

Description

Allow systemd-nspawn to create a labelled namespace with the same types as parent environment

systemd_tmpfiles_manage_all

Default value

false

Description

Enable support for systemd-tmpfiles to manage all non-security files.

Return

Interfaces:

systemd_dbus_chat_logind(
	
		domain
		
	)

Summary

Send and receive messages from systemd logind over dbus.

Parameters

Parameter:	Description:
domain	Domain allowed access.

systemd_filetrans_passwd_runtime_dirs(
	
		domain
		
	)

Summary

Transition to systemd_passwd_var_run_t when creating dirs

Parameters

Parameter:	Description:
domain	Domain allowed access.

systemd_list_tmpfiles_conf(
	
		domain
		
	)

Summary

Allow domain to list systemd tmpfiles config directory

Parameters

Parameter:	Description:
domain	Domain allowed access.

systemd_log_parse_environment(
	
		domain
		
	)

Summary

Make the specified type usable as an log parse environment type.

Parameters

Parameter:	Description:
domain	Type to be used as a log parse environment type.

systemd_manage_all_units(
	
		domain
		
	)

Summary

manage systemd unit dirs and the files in them

Parameters

Parameter:	Description:
domain	Domain allowed access.

systemd_manage_journal_files(
	
		domain
		
	)

Summary

Allow domain to create/manage systemd_journal_t files

Parameters

Parameter:	Description:
domain	Domain allowed access.

systemd_manage_logind_pid_pipes(
	
		domain
		
	)

Summary

Manage systemd_login PID pipes.

Parameters

Parameter:	Description:
domain	Domain allowed access.

systemd_manage_networkd_units(
	
		domain
		
	)

Summary

Allow domain to create/manage systemd_networkd_t unit files

Parameters

Parameter:	Description:
domain	Domain allowed access.

systemd_manage_passwd_runtime_symlinks(
	
		domain
		
	)

Summary

Allow to domain to create systemd-passwd symlink

Parameters

Parameter:	Description:
domain	Domain allowed access.

systemd_read_logind_pids(
	
		domain
		
	)

Summary

Read systemd_login PID files.

Parameters

Parameter:	Description:
domain	Domain allowed access.

systemd_read_logind_sessions_files(
	
		domain
		
	)

Summary

Read logind sessions files.

Parameters

Parameter:	Description:
domain	Domain allowed access.

systemd_read_logind_state(
	
		domain
		
	)

Summary

Allow systemd_logind_t to read process state for cgroup file

Parameters

Parameter:	Description:
domain	Domain systemd_logind_t may access.

systemd_read_machines(
	
		domain
		
	)

Summary

Allow reading /run/systemd/machines

Parameters

Parameter:	Description:
domain	Domain that can access the machines files

systemd_read_networkd_units(
	
		domain
		
	)

Summary

Allow domain to read systemd_networkd_t unit files

Parameters

Parameter:	Description:
domain	Domain allowed access.

systemd_relabelfrom_networkd_tun_sockets(
	
		domain
		
	)

Summary

Relabel systemd_networkd tun socket.

Parameters

Parameter:	Description:
domain	Domain allowed access.

systemd_relabelto_journal_dirs(
	
		domain
		
	)

Summary

Relabel to systemd-journald directory type.

Parameters

Parameter:	Description:
domain	Domain allowed access.

systemd_relabelto_journal_files(
	
		domain
		
	)

Summary

Relabel to systemd-journald file type.

Parameters

Parameter:	Description:
domain	Domain allowed access.

systemd_relabelto_tmpfiles_conf_dirs(
	
		domain
		
	)

Summary

Allow domain to relabel to systemd tmpfiles config directory

Parameters

Parameter:	Description:
domain	Domain allowed access.

systemd_relabelto_tmpfiles_conf_files(
	
		domain
		
	)

Summary

Allow domain to relabel to systemd tmpfiles config files

Parameters

Parameter:	Description:
domain	Domain allowed access.

systemd_rw_networkd_netlink_route_sockets(
	
		domain
		
	)

Summary

Read/Write from systemd_networkd netlink route socket.

Parameters

Parameter:	Description:
domain	Domain allowed access.

systemd_signull_logind(
	
		domain
		
	)

Summary

Send systemd_login a null signal.

Parameters

Parameter:	Description:
domain	Domain allowed access.

systemd_start_power_units(
	
		domain
		
	)

Summary

Allow specified domain to start power units

Parameters

Parameter:	Description:
domain	Domain to not audit.

systemd_startstop_networkd(
	
		domain
		
	)

Summary

Allow specified domain to start systemd-networkd units

Parameters

Parameter:	Description:
domain	Domain allowed access.

systemd_status_logind(
	
		domain
		
	)

Summary

Get the system status information from systemd_login

Parameters

Parameter:	Description:
domain	Domain allowed access.

systemd_status_networkd(
	
		domain
		
	)

Summary

Allow specified domain to get status of systemd-networkd

Parameters

Parameter:	Description:
domain	Domain allowed access.

systemd_tmpfiles_conf_file(
	
		type
		
	)

Summary

Make the specified type usable for systemd tmpfiles config files.

Parameters

Parameter:	Description:
type	Type to be used for systemd tmpfiles config files.

systemd_tmpfiles_conf_filetrans(
	
		domain
		
			,
		
		private type
		
			,
		
		object
		
			,
		
		name
		
	)

Summary

Create an object in the systemd tmpfiles config directory, with a private type using a type transition.

Parameters

Parameter:	Description:
domain	Domain allowed access.
private type	The type of the object to be created.
object	The object class of the object being created.
name	The name of the object being created.

systemd_tmpfiles_creator(
	
		domain
		
	)

Summary

Allow the specified domain to create the tmpfiles config directory with the correct context.

Parameters

Parameter:	Description:
domain	Domain allowed access.

systemd_tmpfilesd_managed(
	
		type
		
			,
		
		class
		
	)

Summary

Allow systemd_tmpfiles_t to manage filesystem objects

Parameters

Parameter:	Description:
type	type of object to manage
class	object class to manage

systemd_use_logind_fds(
	
		domain
		
	)

Summary

Use inherited systemd logind file descriptors.

Parameters

Parameter:	Description:
domain	Domain allowed access.

systemd_use_passwd_agent(
	
		domain
		
	)

Summary

Allow a systemd_passwd_agent_t process to interact with a daemon that needs a password from the sysadmin.

Parameters

Parameter:	Description:
domain	Domain allowed access.

systemd_use_passwd_agent_fds(
	
		domain
		
	)

Summary

allow systemd_passwd_agent to inherit fds

Parameters

Parameter:	Description:
domain	Domain that owns the fds

systemd_write_inherited_logind_inhibit_pipes(
	
		domain
		
	)

Summary

Write inherited logind inhibit pipes.

Parameters

Parameter:	Description:
domain	Domain allowed access.

systemd_write_inherited_logind_sessions_pipes(
	
		domain
		
	)

Summary

Write inherited logind sessions pipes.

Parameters

Parameter:	Description:
domain	Domain allowed access.

systemd_write_kmod_files(
	
		domain
		
	)

Summary

Allow process to write to systemd_kmod_conf_t.

Parameters

Parameter:	Description:
domain	Domain allowed access.

systemd_write_logind_pid_pipes(
	
		domain
		
	)

Summary

Write systemd_login named pipe.

Parameters

Parameter:	Description:
domain	Domain allowed access.

Return