diff --git a/policy/modules/system/unconfined.if b/policy/modules/system/unconfined.if index 5533ca1..c11cb30 100644 --- a/policy/modules/system/unconfined.if +++ b/policy/modules/system/unconfined.if @@ -101,9 +101,20 @@ interface(`unconfined_domain_noaudit',` ######################################## ## ## Make the specified domain unconfined and -## audit executable memory and executable heap -## usage. +## audit executable heap usage. ## +## +##

+## Make the specified domain unconfined and +## audit executable heap usage. With exception +## of memory protections, usage of this interface +## will result in the level of access the domain has +## is like SELinux was not being used. +##

+##

+## Only completely trusted domains should use this interface. +##

+##
## ## ## Domain to make unconfined. @@ -116,11 +127,6 @@ interface(`unconfined_domain',` tunable_policy(`allow_execheap',` auditallow $1 self:process execheap; ') - -# Turn off this audit for FC5 -# tunable_policy(`allow_execmem',` -# auditallow $1 self:process execmem; -# ') ') ########################################