36 lines
1.1 KiB
Plaintext
36 lines
1.1 KiB
Plaintext
|
# Allow rpm to run unconfined.
|
||
|
|
define(`unlimitedRPM')
|
||
|
|
|
||
|
|
# Allow privileged utilities like hotplug and insmod to run unconfined.
|
||
|
|
dnl define(`unlimitedUtils')
|
||
|
|
|
||
|
|
# Allow rc scripts to run unconfined, including any daemon
|
||
|
|
# started by an rc script that does not have a domain transition
|
||
|
|
# explicitly defined.
|
||
|
|
dnl define(`unlimitedRC')
|
||
|
|
|
||
|
|
# Allow sysadm_t to directly start daemons
|
||
|
|
dnl define(`direct_sysadm_daemon')
|
||
|
|
|
||
|
|
# Do not allow sysadm_t to be in the security manager domain
|
||
|
|
define(`separate_secadm')
|
||
|
|
|
||
|
|
# Do not audit things that we know to be broken but which
|
||
|
|
# are not security risks
|
||
|
|
define(`hide_broken_symptoms')
|
||
|
|
|
||
|
|
# Allow user_r to reach sysadm_r via su, sudo, or userhelper.
|
||
|
|
# Otherwise, only staff_r can do so.
|
||
|
|
dnl define(`user_canbe_sysadm')
|
||
|
|
|
||
|
|
# Allow xinetd to run unconfined, including any services it starts
|
||
|
|
# that do not have a domain transition explicitly defined.
|
||
|
|
dnl define(`unlimitedInetd')
|
||
|
|
|
||
|
|
# for ndc_t to be used for restart shell scripts
|
||
|
|
dnl define(`ndc_shell_script')
|
||
|
|
|
||
|
|
# Enable Polyinstantiation support
|
||
|
|
dnl define(`support_polyinstatiation')
|
||
|
|
define(`mls_policy')
|