Layer: apps

Module: wm

Tunables Interfaces Templates

Description:

X Window Managers.

Tunables:

wm_write_xdg_data

Default value

false

Description

Grant the window manager domains write access to xdg data

Return

Interfaces:

wm_application_domain(
	
		target_domain
		
			,
		
		entry_point
		
			,
		
		source_domain
		
	)

Summary

Create a domain for applications that are launched by the window manager.

Description

Create a domain for applications that are launched by the window manager (implying a domain transition). Typically these are graphical applications that are run interactively.

The types will be made usable as a domain and file, making calls to domain_type() and files_type() redundant.

Parameters

Parameter:	Description:
target_domain	Type to be used in the domain transition as the application domain.
entry_point	Type of the program to be used as an entry point to this domain.
source_domain	Type to be used as the source window manager domain.

wm_dontaudit_exec_tmp_files(
	
		domain
		
	)

Summary

Do not audit attempts to execute files in temporary directories.

Parameters

Parameter:	Description:
domain	Domain to not audit.

wm_dontaudit_exec_tmpfs_files(
	
		domain
		
	)

Summary

Do not audit attempts to execute files in temporary filesystems.

Parameters

Parameter:	Description:
domain	Domain to not audit.

wm_exec(
	
		domain
		
	)

Summary

Execute wm in the caller domain.

Parameters

Parameter:	Description:
domain	Domain allowed access.

wm_map_tmpfs_files(
	
		domain
		
	)

Summary

map files in temporary filesystems.

Parameters

Parameter:	Description:
domain	Domain to allow

wm_receive_fd(
	
		domain
		
	)

Summary

Allow receiving fd from wm domain

Parameters

Parameter:	Description:
domain	Domain to allow

wm_rw_tmpfs_files(
	
		domain
		
	)

Summary

read-write files in temporary filesystems.

Parameters

Parameter:	Description:
domain	Domain to allow

wm_send_fd(
	
		domain
		
	)

Summary

Allow sending fd to wm domain

Parameters

Parameter:	Description:
domain	Domain to allow

wm_sock_rw(
	
		domain
		
	)

Summary

Allow using socket of wm domain

Parameters

Parameter:	Description:
domain	Domain to allow

Return

Templates:

wm_dbus_chat(
	
		role_prefix
		
			,
		
		domain
		
	)

Summary

Send and receive messages from specified wm over dbus.

Parameters

Parameter:	Description:
role_prefix	The prefix of the user domain (e.g., user is the prefix for user_t).
domain	Domain allowed access.

wm_role_template(
	
		role_prefix
		
			,
		
		user_domain
		
			,
		
		user_exec_domain
		
			,
		
		role
		
	)

Summary

The role template for the wm module.

Description

This template creates a derived domains which are used for window manager applications.

Parameters

Parameter:	Description:
role_prefix	The prefix of the user role (e.g., user is the prefix for user_r).
user_domain	User domain for the role.
user_exec_domain	User exec domain for execute and transition access.
role	Role allowed access

wm_write_pipes(
	
		role_prefix
		
			,
		
		domain
		
	)

Summary

Write wm unnamed pipes.

Parameters

Parameter:	Description:
role_prefix	The prefix of the user domain (e.g., user is the prefix for user_t).
domain	Domain allowed access.

Return