From edb77e59feb084aae98a70c426e08f033041cc6c Mon Sep 17 00:00:00 2001
From: Chris PeBenito <cpebenito@tresys.com>
Date: Jan 19 2006 15:55:56 +0000
Subject: add execstack and execheap to unconfined domain exclusion


---

diff --git a/refpolicy/policy/modules/kernel/domain.if b/refpolicy/policy/modules/kernel/domain.if
index db68ba8..15fcea5 100644
--- a/refpolicy/policy/modules/kernel/domain.if
+++ b/refpolicy/policy/modules/kernel/domain.if
@@ -1122,7 +1122,7 @@ interface(`domain_unconfined',`
 	allow $1 domain:fifo_file rw_file_perms;
 
 	# Act upon any other process.
-	allow $1 domain:process ~{ transition dyntransition execmem };
+	allow $1 domain:process ~{ transition dyntransition execmem execstack execheap };
 
 	# Create/access any System V IPC objects.
 	allow $1 domain:{ sem msgq shm } *;