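policy_module(unconfined, 3.1.1)

########################################
#
# Declarations
#
# The per-line blame annotations (author plus short commit id) that were
# interleaved with this listing are not policy source and are dropped here.
#
# Comments in this file avoid apostrophes and backticks on purpose: the
# source is preprocessed by m4, and the ifdef and optional_policy bodies
# further down use those two characters as quote delimiters.

# usage in this module of types created by these
# calls is not correct, however we dont currently
# have another method to add access to these types
# NOTE(review): unconfined_t and unconfined_r are used throughout this
# module but are not declared with a type or role statement here;
# presumably they are created by the userdom template call below -
# confirm against the userdomain interface file.
userdom_base_user_template(unconfined)
# The three role interfaces below take (role, domain), the reverse of the
# (domain, role) order used by the *_run interfaces later in the file.
userdom_manage_home_role(unconfined_r, unconfined_t)
userdom_manage_tmp_role(unconfined_r, unconfined_t)
userdom_manage_tmpfs_role(unconfined_r, unconfined_t)

# Executable type registered as the entry point for unconfined_t.
type unconfined_exec_t;
init_system_domain(unconfined_t, unconfined_exec_t)

# A second domain with its own entry point type. The section at the end
# of this module grants it execstack and execmem, so programs that need
# those permissions can be labeled unconfined_execmem_exec_t instead of
# widening unconfined_t itself.
type unconfined_execmem_t;
type unconfined_execmem_exec_t;
init_system_domain(unconfined_execmem_t, unconfined_execmem_exec_t)
# Authorize unconfined_r for the execmem domain; without this statement a
# process running in unconfined_r could not hold that type.
role unconfined_r types unconfined_execmem_t;
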
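########################################
#
# Local policy
#

# Arguments are (source domain, entry point file type, target domain):
# unconfined_t moves to unconfined_execmem_t when it executes a file
# labeled unconfined_execmem_exec_t.
domtrans_pattern(unconfined_t, unconfined_execmem_exec_t, unconfined_execmem_t)

files_create_boot_flag(unconfined_t)

# NOTE(review): going by the interface names, these exempt unconfined_t
# from the MCS category constraints on sending signals and on ptrace -
# confirm in the mcs interface file. Deployments that rely on MCS
# categories to separate workloads should treat a process in
# unconfined_t as outside that separation.
mcs_killall(unconfined_t)
mcs_ptrace_all(unconfined_t)

# Refpolicy convention for *_run(domain, role): the domain may execute the
# program with a transition into the program domain, and the role is
# authorized for that program domain.
init_run_daemon(unconfined_t, unconfined_r)

libs_run_ldconfig(unconfined_t, unconfined_r)

logging_send_syslog_msg(unconfined_t)
# NOTE(review): auditctl, setfiles and semanage change audit rules, file
# labels and the loaded policy. Policy permits an unconfined login to run
# them, so detecting such changes depends on audit records and change
# monitoring rather than on SELinux enforcement.
logging_run_auditctl(unconfined_t, unconfined_r)

mount_run_unconfined(unconfined_t, unconfined_r)

seutil_run_setfiles(unconfined_t, unconfined_r)
seutil_run_semanage(unconfined_t, unconfined_r)

# The central grant of this module. NOTE(review): the rule set lives in the
# unconfined interface file, not here; by design it is expected to allow
# nearly everything, so most grants in this module are about transitions
# and role authorization rather than added access for unconfined_t.
unconfined_domain(unconfined_t)

# Second argument is the set of object classes the file type transition
# applies to when unconfined_t creates entries in a user home directory.
userdom_user_home_dir_filetrans_user_home_content(unconfined_t, { dir file lnk_file fifo_file sock_file })

# Only built when the distro_gentoo m4 symbol is defined.
ifdef(`distro_gentoo',`
	seutil_run_runinit(unconfined_t, unconfined_r)
	seutil_init_script_run_runinit(unconfined_t, unconfined_r)
')
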
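# Each optional_policy block is kept or dropped as a unit, depending on
# whether the modules that provide the interfaces it calls are part of the
# build. Keeping one service per block means a missing module removes only
# its own rules.
#
# Three call shapes are used in these blocks:
#   *_domtrans(domain)   transition only, no role argument
#   *_run(domain, role)  transition plus role authorization
#   *_role(role, domain) role first, domain second
# Swapping the arguments of a _run or _role call is an easy mistake to
# make when editing this list, so check the order on every change.
optional_policy(`
	ada_domtrans(unconfined_t)
')

optional_policy(`
	apache_run_helper(unconfined_t, unconfined_r)
	apache_role(unconfined_r, unconfined_t)
')

optional_policy(`
	bind_run_ndc(unconfined_t, unconfined_r)
')

optional_policy(`
	bootloader_run(unconfined_t, unconfined_r)
')

optional_policy(`
	cron_unconfined_role(unconfined_r, unconfined_t)
')
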
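# D-Bus access for unconfined_t. The outer block holds the two calls that
# every variant needs; each service sits in its own nested optional_policy
# so that a missing service module drops only that one chat rule. The
# nested blocks still depend on the outer block being kept.
optional_policy(`
	init_dbus_chat_script(unconfined_t)

	# NOTE(review): dbus_stub appears to exist only to make this block
	# depend on the dbus module - confirm in the dbus interface file.
	dbus_stub(unconfined_t)

	optional_policy(`
		avahi_dbus_chat(unconfined_t)
	')

	optional_policy(`
		bluetooth_dbus_chat(unconfined_t)
	')

	optional_policy(`
		consolekit_dbus_chat(unconfined_t)
	')

	optional_policy(`
		cups_dbus_chat_config(unconfined_t)
	')

	optional_policy(`
		hal_dbus_chat(unconfined_t)
	')

	optional_policy(`
		networkmanager_dbus_chat(unconfined_t)
	')

	optional_policy(`
		oddjob_dbus_chat(unconfined_t)
	')
')
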
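# Per-service transitions out of unconfined_t. Each block is independent
# and is dropped when the module providing its interface is not built.
# Calls ending in _run take (domain, role); calls ending in _role take
# (role, domain); the _domtrans calls take the domain only.
optional_policy(`
	firstboot_run(unconfined_t, unconfined_r)
')

optional_policy(`
	ftp_run_ftpdctl(unconfined_t, unconfined_r)
')

optional_policy(`
	inn_domtrans(unconfined_t)
')

optional_policy(`
	java_run_unconfined(unconfined_t, unconfined_r)
')

optional_policy(`
	lpd_run_checkpc(unconfined_t, unconfined_r)
')

optional_policy(`
	modutils_run_update_mods(unconfined_t, unconfined_r)
')

optional_policy(`
	mono_domtrans(unconfined_t)
')

optional_policy(`
	mta_role(unconfined_r, unconfined_t)
')

optional_policy(`
	oddjob_domtrans_mkhomedir(unconfined_t)
')

optional_policy(`
	prelink_run(unconfined_t, unconfined_r)
')

optional_policy(`
	portmap_run_helper(unconfined_t, unconfined_r)
')

optional_policy(`
	postfix_run_map(unconfined_t, unconfined_r)
	# cjp: this should probably be removed:
	# NOTE(review): going by its name, the call below lets unconfined_t
	# start the postfix master daemon directly with a transition into the
	# daemon domain, which is different from running a helper tool. It
	# shares a block with postfix_run_map, so removing it leaves the
	# helper access intact.
	postfix_domtrans_master(unconfined_t)
')
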
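# More per-service transitions out of unconfined_t. Each block is
# independent and is dropped when the module providing its interface is
# not built. Calls ending in _run take (domain, role); calls ending in
# _role take (role, domain); the _domtrans calls take the domain only.
optional_policy(`
	pyzor_role(unconfined_r, unconfined_t)
')

optional_policy(`
	# cjp: this should probably be removed:
	# NOTE(review): going by its name, this is a direct transition from
	# unconfined_t into the nfsd daemon domain. It is the only call in
	# this block, so acting on the note above means removing the whole
	# block.
	rpc_domtrans_nfsd(unconfined_t)
')

optional_policy(`
	rpm_run(unconfined_t, unconfined_r)
')

optional_policy(`
	samba_run_net(unconfined_t, unconfined_r)
	samba_run_winbind_helper(unconfined_t, unconfined_r)
')

optional_policy(`
	spamassassin_role(unconfined_r, unconfined_t)
')

# NOTE(review): sysnet_dbus_chat_dhcpc sits in this block rather than in
# the dbus block earlier in the module, so it is not gated on dbus_stub
# here - confirm whether that is intended.
optional_policy(`
	sysnet_run_dhcpc(unconfined_t, unconfined_r)
	sysnet_dbus_chat_dhcpc(unconfined_t)
')

optional_policy(`
	tzdata_run(unconfined_t, unconfined_r)
')

optional_policy(`
	usermanage_run_admin_passwd(unconfined_t, unconfined_r)
')

optional_policy(`
	vpn_run(unconfined_t, unconfined_r)
')

optional_policy(`
	webalizer_run(unconfined_t, unconfined_r)
')

optional_policy(`
	wine_domtrans(unconfined_t)
')

optional_policy(`
	xserver_domtrans(unconfined_t)
')
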
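########################################
#
# Unconfined Execmem Local policy
#

# execstack and execmem are the process permissions SELinux checks before
# a process may make its stack executable or map anonymous or private
# writable memory as executable. Granting both on self removes that
# memory protection for anything running in unconfined_execmem_t. Keep the
# set of files labeled unconfined_execmem_exec_t as small as possible,
# since the domain transition into this domain is keyed on that label.
allow unconfined_execmem_t self:process { execstack execmem };
# NOTE(review): the _noaudit suffix suggests this variant also suppresses
# audit records for the domain - confirm in the unconfined interface file.
# If so, activity in this domain is less visible in the audit log than
# activity in unconfined_t, which uses unconfined_domain.
unconfined_domain_noaudit(unconfined_execmem_t)

# D-Bus access for the execmem domain, including chat with unconfined_t.
# The hal rule is nested so that a build without hal keeps the rest.
optional_policy(`
	dbus_stub(unconfined_execmem_t)

	init_dbus_chat_script(unconfined_execmem_t)
	unconfined_dbus_chat(unconfined_execmem_t)

	optional_policy(`
		hal_dbus_chat(unconfined_execmem_t)
	')
')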