Improve the documentation of unconfined_domain().

2010-02-26 13:47:17 -05:00 · 2010-02-26 13:47:17 -05:00 · 14e543cb1c
commit 14e543cb1c
parent 45185c0783
1 changed files with 13 additions and 7 deletions
--- a/policy/modules/system/unconfined.if
+++ b/policy/modules/system/unconfined.if
@ -101,9 +101,20 @@ interface(`unconfined_domain_noaudit',`
 ########################################
 ## <summary>
 ##	Make the specified domain unconfined and
-##	audit executable memory and executable heap
-##	usage.
+##	audit executable heap usage.
 ## </summary>
+## <desc>
+##	<p>
+##	Make the specified domain unconfined and
+##	audit executable heap usage.  With exception
+##	of memory protections, usage of this interface
+##	will result in the level of access the domain has
+##	is like SELinux	was not being used.
+##	</p>
+##	<p>
+##	Only completely trusted domains should use this interface.
+##	</p>
+## </desc>
 ## <param name="domain">
 ##	<summary>
 ##	Domain to make unconfined.
@ -116,11 +127,6 @@ interface(`unconfined_domain',`
 	tunable_policy(`allow_execheap',`
 		auditallow $1 self:process execheap;
 	')
-
-# Turn off this audit for FC5
-#	tunable_policy(`allow_execmem',`
-#		auditallow $1 self:process execmem;
-#	')
 ')

 ########################################