3 Replies Latest reply on Mar 6, 2013 6:08 AM by vetterous

    Type Enforcement alarms


      Hello all!


      I'm trying to get a better understanding on type enforcement alarms. I found KB64314 Type Enforcement Violations (very helpful info), but a question I had after reading the KB, is there a list of domains somewhere?


      I think I understand:


      user domain = non srole

      Admin = srole

      RolA = rollaudit

      audt = audit


      But I have seen other domains listed in TE alarms that I don't understand (CCro). Is there any place I could find all the listed domains? Any information on reading type enforcement alarms would be very welcome! Thank you for your time.

        • 1. Re: Type Enforcement alarms



          I am not aware of a list of all possible domains. This is probably due to the fact that _most_ of the time, you do not need to know the TE of a file or process, expect of course when something goes wrong. Most KB articles that require you to change the TE also give you the appropriate domains. If you have a file that has the wrong TE, sometimes it helps to look at the same file on another firewall to see what the domain is on that firewall. Finally, the TE database that references all domains is hidden to everyone, as being able to view/change this would defeat the purpose of TE


          CCro appears to me to be a Control Center domain that is read only. Also, the domain portion is going to be 4 digits, so "user domian"=User, Admin=Admn, etc


          Hope this helps,



          • 2. Re: Type Enforcement alarms

            There is a better explanation of Type Enforcement in the Admin Guide if you're curious about it.


            There is also a great PDF here at the old site:  www.securecomputing.com/pdf/secureos.pdf

            • 3. Re: Type Enforcement alarms

              Awesome info! Thank you guys!