Blame strict/domains/program/unconfined.te
|
Chris PeBenito |
0fbfa5 |
#DESC Unconfined - Use to essentially disable SELinux for a particular program
|
|
Chris PeBenito |
0fbfa5 |
# This domain will be useful as a workaround for e.g. third-party daemon software
|
|
Chris PeBenito |
0fbfa5 |
# that has no policy, until one can be written for it.
|
|
Chris PeBenito |
0fbfa5 |
#
|
|
Chris PeBenito |
0fbfa5 |
# To use, label the executable with unconfined_exec_t, e.g.:
|
|
Chris PeBenito |
0fbfa5 |
# chcon -t unconfined_exec_t /usr/local/bin/appsrv
|
|
Chris PeBenito |
0fbfa5 |
# Or alternatively add it to /etc/security/selinux/src/policy/file_contexts/program/unconfined.fc
|
|
Chris PeBenito |
0fbfa5 |
|
|
Chris PeBenito |
0fbfa5 |
type unconfined_t, domain, privlog, admin, privmem, fs_domain, auth_write;
|
|
Chris PeBenito |
0fbfa5 |
type unconfined_exec_t, file_type, sysadmfile, exec_type;
|
|
Chris PeBenito |
0fbfa5 |
role sysadm_r types unconfined_t;
|
|
Chris PeBenito |
0fbfa5 |
domain_auto_trans(sysadm_t, unconfined_exec_t, unconfined_t)
|
|
Chris PeBenito |
0fbfa5 |
role system_r types unconfined_t;
|
|
Chris PeBenito |
0fbfa5 |
domain_auto_trans(initrc_t, unconfined_exec_t, unconfined_t)
|
|
Chris PeBenito |
0fbfa5 |
unconfined_domain(unconfined_t)
|