Appendix B. SELinux Operations

Table B-1 summarizes SELinux operations, identifying their related object classes and giving an approximate description of them. In future SELinux releases, SELinux developers may change the roster of operations, associate operations with object classes differently, or modify the function performed by an operation. The table is sorted alphabetically by the name of the operation. The SELinux file src/policy/flask/access_vectors shows the relationship between object classes and operations and is sorted by object class.

Table B-1. SELinux operations

Operation	Object classes	Description
`accept`	`key_socket`, `netlink_socket`, `packet_socket`, `raw_ipsocket`, `socket`, `tcp_socket`, `udp_socket`, `unix_dgram_socket`, `unix_stream_socket`	Accept a connection.
`acceptfrom`	`tcp_socket`, `unix_stream_socket`	Accept connection from client socket.
`add_name`	`dir`	Add a name.
`append`	`blk_file`, `chr_file`, `dir`, `fifo_file`, `file`, `key_socket`, `lnk_file`, `netlink_socket`, `packet_socket`, `rawip_socket`, `sock_file`, `socket`, `tcp_socket`, `udp_socket`, `unix_dgram_socket`, `unix_stream_socket`	Write or append file or socket contents.
`associate`	`filesystem`, `ipc`, `msgq`, `sem`, `shm`	Associate a file or key with a filesystem, queue, semaphore set, or memory segment.
`avc_toggle`	`system`	Toggle between permissive and enforcing modes.
`bdflush`	`system`	Control the buffer-dirty-flush daemon.
`bind`	`key_socket`, `netlink_socket`, `packet_socket`, `rawip_socket`, `socket`, `tcp_socket ...`

Get SELinux now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

SELinux by

Appendix B. SELinux Operations

Don’t leave empty-handed

It’s yours, free.

Check it out now on O’Reilly