diff --git a/refpolicy/policy/modules/system/unconfined.if b/refpolicy/policy/modules/system/unconfined.if index f72a25f..e2f4bc5 100644 --- a/refpolicy/policy/modules/system/unconfined.if +++ b/refpolicy/policy/modules/system/unconfined.if @@ -186,6 +186,44 @@ interface(`unconfined_shell_domtrans',` ######################################## ## +## Allow unconfined to execute the specified program in +## the specified domain. +## +## +## +## Allow unconfined to execute the specified program in +## the specified domain. +## +## +## This is a interface to support third party modules +## and its use is not allowed in upstream reference +## policy. +## +## +## +## +## Domain to execute in. +## +## +## +## +## Domain entry point file. +## +## +# +interface(`unconfined_domtrans_to',` + gen_require(` + type unconfined_t; + ') + + domain_auto_trans(unconfined_t,$2,$1) + allow $1 unconfined_t:fd use; + allow $1 unconfined_t:fifo_file rw_file_perms; + allow $1 unconfined_t:process sigchld; +') + +######################################## +## ## Inherit file descriptors from the unconfined domain. ## ##
+## Allow unconfined to execute the specified program in +## the specified domain. +##
+## This is a interface to support third party modules +## and its use is not allowed in upstream reference +## policy. +##