16 lines
784 B
Plaintext
16 lines
784 B
Plaintext
|
#DESC Unconfined - Use to essentially disable SELinux for a particular program
|
||
|
# This domain will be useful as a workaround for e.g. third-party daemon software
|
||
|
# that has no policy, until one can be written for it.
|
||
|
#
|
||
|
# To use, label the executable with unconfined_exec_t, e.g.:
|
||
|
# chcon -t unconfined_exec_t /usr/local/bin/appsrv
|
||
|
# Or alternatively add it to /etc/security/selinux/src/policy/file_contexts/program/unconfined.fc
|
||
|
|
||
|
type unconfined_t, domain, privlog, admin, privmem, fs_domain, auth_write;
|
||
|
type unconfined_exec_t, file_type, sysadmfile, exec_type;
|
||
|
role sysadm_r types unconfined_t;
|
||
|
domain_auto_trans(sysadm_t, unconfined_exec_t, unconfined_t)
|
||
|
role system_r types unconfined_t;
|
||
|
domain_auto_trans(initrc_t, unconfined_exec_t, unconfined_t)
|
||
|
unconfined_domain(unconfined_t)
|