rpms/selinux-policy
6
0
Fork 0
Code Issues Pull Requests Releases Activity

Improve the documentation of unconfined_domain().

Browse Source
This commit is contained in:
Chris PeBenito 2010-02-26 13:47:17 -05:00
parent 45185c0783
commit 14e543cb1c
1 changed files with 13 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
policy/modules/system/unconfined.if
View File

@ -101,9 +101,20 @@ interface(`unconfined_domain_noaudit',`
######################################## ########################################
## <summary> ## <summary>
## Make the specified domain unconfined and ## Make the specified domain unconfined and
## audit executable memory and executable heap ## audit executable heap usage.
## usage.
## </summary> ## </summary>
## <desc>
## <p>
## Make the specified domain unconfined and
## audit executable heap usage. With exception
## of memory protections, usage of this interface
## will result in the level of access the domain has
## is like SELinux was not being used.
## </p>
## <p>
## Only completely trusted domains should use this interface.
## </p>
## </desc>
## <param name="domain"> ## <param name="domain">
## <summary> ## <summary>
## Domain to make unconfined. ## Domain to make unconfined.
@ -116,11 +127,6 @@ interface(`unconfined_domain',`
tunable_policy(`allow_execheap',` tunable_policy(`allow_execheap',`
auditallow $1 self:process execheap; auditallow $1 self:process execheap;
') ')
# Turn off this audit for FC5
# tunable_policy(`allow_execmem',`
# auditallow $1 self:process execmem;
# ')
') ')
######################################## ########################################