update for 20050707 release

www/api-docs/admin_consoletype.html

@@ -72,9 +72,10 @@
 
 <h3>Description:</h3>
 
-<p>
+<p><p>
 Determine of the console connected to the controlling terminal.
-</p>
+</p></p>
+
 
 
 <a name="interfaces"></a>

www/api-docs/admin_dmesg.html

@@ -72,7 +72,8 @@
 
 <h3>Description:</h3>
 
-<p>Policy for dmesg.</p>
+<p><p>Policy for dmesg.</p></p>
+
 
 
 <a name="interfaces"></a>

www/api-docs/admin_logrotate.html

@@ -72,7 +72,8 @@
 
 <h3>Description:</h3>
 
-<p>Rotate and archive system logs</p>
+<p><p>Rotate and archive system logs</p></p>
+
 
 
 <a name="interfaces"></a>

www/api-docs/admin_netutils.html

@@ -72,7 +72,8 @@
 
 <h3>Description:</h3>
 
-<p>Network analysis utilities</p>
+<p><p>Network analysis utilities</p></p>
+
 
 
 <a name="interfaces"></a>

www/api-docs/admin_rpm.html

@@ -72,7 +72,8 @@
 
 <h3>Description:</h3>
 
-<p>Policy for the RPM package manager.</p>
+<p><p>Policy for the RPM package manager.</p></p>
+
 
 
 <a name="interfaces"></a>

www/api-docs/admin_usermanage.html

@@ -72,7 +72,8 @@
 
 <h3>Description:</h3>
 
-<p>Policy for managing user accounts.</p>
+<p><p>Policy for managing user accounts.</p></p>
+
 
 
 <a name="interfaces"></a>

www/api-docs/apps_gpg.html

@@ -55,7 +55,8 @@
 
 <h3>Description:</h3>
 
-<p>Policy for GNU Privacy Guard and related programs.</p>
+<p><p>Policy for GNU Privacy Guard and related programs.</p></p>
+
 
 
 

www/api-docs/index.html

@@ -169,6 +169,9 @@
 			&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_udev.html'>
 			udev</a><br/>
 		
+			&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_unconfined.html'>
+			unconfined</a><br/>
+		
 			&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_userdomain.html'>
 			userdomain</a><br/>
 		
@@ -275,8 +278,7 @@ Device nodes and interfaces for many basic system devices.
 			<a href='kernel_kernel.html'>
 			kernel</a></td>
 			<td><p>
-Policy for kernel threads, proc filesystem,
+Policy for kernel threads, proc filesystem,and unlabeled processes and objects.
-and unlabeled processes and objects.
 </p></td>
 		
 			<tr><td>
@@ -466,6 +468,11 @@ connection and disconnection of devices at runtime.
 			udev</a></td>
 			<td><p>Policy for udev.</p></td>
 		
+			<tr><td>
+			<a href='system_unconfined.html'>
+			unconfined</a></td>
+			<td><p>The unconfined domain.</p></td>
+		
 			<tr><td>
 			<a href='system_userdomain.html'>
 			userdomain</a></td>

www/api-docs/interfaces.html

@@ -169,6 +169,9 @@
 			&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_udev.html'>
 			udev</a><br/>
 		
+			&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_unconfined.html'>
+			unconfined</a><br/>
+		
 			&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_userdomain.html'>
 			userdomain</a><br/>
 		
@@ -11105,6 +11108,32 @@ Layer: <a href='kernel.html'>
 kernel</a><p/>
 <div id="codeblock">
 
+<b>corenet_unconfined</b>(
+	
+		
+		
+		
+		domain
+		
+	
+	)<br>
+</div>
+
+<div id="description">
+<p>
+Unconfined access to network objects.
+</p>
+</div>
+
+</div>
+
+<div id="interfacesmall">
+Module: <a href='kernel_corenetwork.html'>
+corenetwork</a><p/>
+Layer: <a href='kernel.html'>
+kernel</a><p/>
+<div id="codeblock">
+
 <b>corenet_use_tun_tap_device</b>(
 	
 		
@@ -13744,6 +13773,32 @@ Layer: <a href='kernel.html'>
 kernel</a><p/>
 <div id="codeblock">
 
+<b>dev_unconfined</b>(
+	
+		
+		
+		
+		domain
+		
+	
+	)<br>
+</div>
+
+<div id="description">
+<p>
+Unconfined access to devices.
+</p>
+</div>
+
+</div>
+
+<div id="interfacesmall">
+Module: <a href='kernel_devices.html'>
+devices</a><p/>
+Layer: <a href='kernel.html'>
+kernel</a><p/>
+<div id="codeblock">
+
 <b>dev_write_framebuffer</b>(
 	
 		
@@ -14582,6 +14637,32 @@ Layer: <a href='system.html'>
 system</a><p/>
 <div id="codeblock">
 
+<b>domain_unconfined</b>(
+	
+		
+		
+		
+		domain
+		
+	
+	)<br>
+</div>
+
+<div id="description">
+<p>
+Unconfined access to domains.
+</p>
+</div>
+
+</div>
+
+<div id="interfacesmall">
+Module: <a href='system_domain.html'>
+domain</a><p/>
+Layer: <a href='system.html'>
+system</a><p/>
+<div id="codeblock">
+
 <b>domain_use_wide_inherit_fd</b>(
 	
 		
@@ -14686,6 +14767,40 @@ Layer: <a href='system.html'>
 system</a><p/>
 <div id="codeblock">
 
+<b>files_create_home_dirs</b>(
+	
+		
+		
+		
+		domain
+		
+	
+		
+			,
+		
+		
+		
+		home_type
+		
+	
+	)<br>
+</div>
+
+<div id="description">
+<p>
+Create home directories
+</p>
+</div>
+
+</div>
+
+<div id="interfacesmall">
+Module: <a href='system_files.html'>
+files</a><p/>
+Layer: <a href='system.html'>
+system</a><p/>
+<div id="codeblock">
+
 <b>files_create_lock</b>(
 	
 		
@@ -16613,6 +16728,32 @@ Layer: <a href='system.html'>
 system</a><p/>
 <div id="codeblock">
 
+<b>files_unconfined</b>(
+	
+		
+		
+		
+		domain
+		
+	
+	)<br>
+</div>
+
+<div id="description">
+<p>
+Unconfined access to files.
+</p>
+</div>
+
+</div>
+
+<div id="interfacesmall">
+Module: <a href='system_files.html'>
+files</a><p/>
+Layer: <a href='system.html'>
+system</a><p/>
+<div id="codeblock">
+
 <b>files_unmount_all_file_type_fs</b>(
 	
 		
@@ -18204,6 +18345,32 @@ Layer: <a href='kernel.html'>
 kernel</a><p/>
 <div id="codeblock">
 
+<b>fs_unconfined</b>(
+	
+		
+		
+		
+		domain
+		
+	
+	)<br>
+</div>
+
+<div id="description">
+<p>
+Unconfined access to filesystems
+</p>
+</div>
+
+</div>
+
+<div id="interfacesmall">
+Module: <a href='kernel_filesystem.html'>
+filesystem</a><p/>
+Layer: <a href='kernel.html'>
+kernel</a><p/>
+<div id="codeblock">
+
 <b>fs_unmount_all_fs</b>(
 	
 		
@@ -19007,7 +19174,15 @@ system</a><p/>
 		
 		
 		
-		?
+		domain
+		
+	
+		
+			,
+		
+		
+		
+		entry_point
 		
 	
 	)<br>
@@ -19015,7 +19190,8 @@ system</a><p/>
 
 <div id="description">
 <p>
-Summary is missing!
+Create a domain for long running processes
+(daemons) which can be started by init scripts.
 </p>
 </div>
 
@@ -19033,7 +19209,15 @@ system</a><p/>
 		
 		
 		
-		?
+		domain
+		
+	
+		
+			,
+		
+		
+		
+		entry_point
 		
 	
 	)<br>
@@ -19041,7 +19225,7 @@ system</a><p/>
 
 <div id="description">
 <p>
-Summary is missing!
+Create a domain which can be started by init.
 </p>
 </div>
 
@@ -19444,6 +19628,42 @@ Layer: <a href='system.html'>
 system</a><p/>
 <div id="codeblock">
 
+<b>init_run_daemon</b>(
+	
+		
+		
+		
+		domain
+		
+	
+		
+			,
+		
+		
+		
+		role
+		
+	
+		
+			,
+		
+		
+		
+		terminal
+		
+	
+	)<br>
+</div>
+
+</div>
+
+<div id="interfacesmall">
+Module: <a href='system_init.html'>
+init</a><p/>
+Layer: <a href='system.html'>
+system</a><p/>
+<div id="codeblock">
+
 <b>init_rw_script_pid</b>(
 	
 		
@@ -19553,7 +19773,15 @@ system</a><p/>
 		
 		
 		
-		?
+		domain
+		
+	
+		
+			,
+		
+		
+		
+		entry_point
 		
 	
 	)<br>
@@ -19561,7 +19789,8 @@ system</a><p/>
 
 <div id="description">
 <p>
-Summary is missing!
+Create a domain for short running processes
+which can be started by init scripts.
 </p>
 </div>
 
@@ -20876,6 +21105,32 @@ Layer: <a href='kernel.html'>
 kernel</a><p/>
 <div id="codeblock">
 
+<b>kernel_unconfined</b>(
+	
+		
+		
+		
+		domain
+		
+	
+	)<br>
+</div>
+
+<div id="description">
+<p>
+Unconfined access to the kernel.
+</p>
+</div>
+
+</div>
+
+<div id="interfacesmall">
+Module: <a href='kernel_kernel.html'>
+kernel</a><p/>
+Layer: <a href='kernel.html'>
+kernel</a><p/>
+<div id="codeblock">
+
 <b>kernel_use_fd</b>(
 	
 		
@@ -22553,7 +22808,15 @@ services</a><p/>
 		
 		
 		
-		?
+		domain
+		
+	
+		
+			,
+		
+		
+		
+		entry_point
 		
 	
 	)<br>
@@ -22561,7 +22824,8 @@ services</a><p/>
 
 <div id="description">
 <p>
-Summary is missing!
+Modified mailserver interface for
+sendmail daemon use.
 </p>
 </div>
 
@@ -23326,6 +23590,26 @@ kernel</a><p/>
 		
 		
 		
+		domain
+		
+	
+	)<br>
+</div>
+
+</div>
+
+<div id="interfacesmall">
+Module: <a href='kernel_selinux.html'>
+selinux</a><p/>
+Layer: <a href='kernel.html'>
+kernel</a><p/>
+<div id="codeblock">
+
+<b>selinux_unconfined</b>(
+	
+		
+		
+		
 		domain
 		
 	
@@ -24260,6 +24544,12 @@ kernel</a><p/>
 	)<br>
 </div>
 
+<div id="description">
+<p>
+Create block devices in /dev with the fixed disk type.
+</p>
+</div>
+
 </div>
 
 <div id="interfacesmall">
@@ -24280,6 +24570,13 @@ kernel</a><p/>
 	)<br>
 </div>
 
+<div id="description">
+<p>
+Do not audit attempts made by the caller to get
+the attributes of fixed disk device nodes.
+</p>
+</div>
+
 </div>
 
 <div id="interfacesmall">
@@ -24300,6 +24597,13 @@ kernel</a><p/>
 	)<br>
 </div>
 
+<div id="description">
+<p>
+Do not audit attempts made by the caller to get
+the attributes of removable devices device nodes.
+</p>
+</div>
+
 </div>
 
 <div id="interfacesmall">
@@ -24320,6 +24624,13 @@ kernel</a><p/>
 	)<br>
 </div>
 
+<div id="description">
+<p>
+Do not audit attempts made by the caller to set
+the attributes of fixed disk device nodes.
+</p>
+</div>
+
 </div>
 
 <div id="interfacesmall">
@@ -24340,6 +24651,13 @@ kernel</a><p/>
 	)<br>
 </div>
 
+<div id="description">
+<p>
+Do not audit attempts made by the caller to set
+the attributes of removable devices device nodes.
+</p>
+</div>
+
 </div>
 
 <div id="interfacesmall">
@@ -24360,6 +24678,13 @@ kernel</a><p/>
 	)<br>
 </div>
 
+<div id="description">
+<p>
+Allow the caller to get the attributes of fixed disk
+device nodes.
+</p>
+</div>
+
 </div>
 
 <div id="interfacesmall">
@@ -24380,24 +24705,11 @@ kernel</a><p/>
 	)<br>
 </div>
 
-</div>
+<div id="description">
-
+<p>
-<div id="interfacesmall">
+Allow the caller to get the attributes of removable
-Module: <a href='kernel_storage.html'>
+devices device nodes.
-storage</a><p/>
+</p>
-Layer: <a href='kernel.html'>
-kernel</a><p/>
-<div id="codeblock">
-
-<b>storage_getattr_scsi_generic</b>(
-	
-		
-		
-		
-		domain
-		
-	
-	)<br>
 </div>
 
 </div>
@@ -24420,6 +24732,40 @@ kernel</a><p/>
 	)<br>
 </div>
 
+<div id="description">
+<p>
+Allow the caller to get the attributes of
+the generic SCSI interface device nodes.
+</p>
+</div>
+
+</div>
+
+<div id="interfacesmall">
+Module: <a href='kernel_storage.html'>
+storage</a><p/>
+Layer: <a href='kernel.html'>
+kernel</a><p/>
+<div id="codeblock">
+
+<b>storage_getattr_scsi_generic</b>(
+	
+		
+		
+		
+		domain
+		
+	
+	)<br>
+</div>
+
+<div id="description">
+<p>
+Get attributes of the device nodes
+for the SCSI generic inerface.
+</p>
+</div>
+
 </div>
 
 <div id="interfacesmall">
@@ -24440,6 +24786,13 @@ kernel</a><p/>
 	)<br>
 </div>
 
+<div id="description">
+<p>
+Allow the caller to get the attributes
+of device nodes of tape devices.
+</p>
+</div>
+
 </div>
 
 <div id="interfacesmall">
@@ -24486,6 +24839,15 @@ kernel</a><p/>
 	)<br>
 </div>
 
+<div id="description">
+<p>
+Allow the caller to directly read from a fixed disk.
+This is extremly dangerous as it can bypass the
+SELinux protections for filesystem objects, and
+should only be used by trusted domains.
+</p>
+</div>
+
 </div>
 
 <div id="interfacesmall">
@@ -24506,6 +24868,15 @@ kernel</a><p/>
 	)<br>
 </div>
 
+<div id="description">
+<p>
+Allow the caller to directly read from a logical volume.
+This is extremly dangerous as it can bypass the
+SELinux protections for filesystem objects, and
+should only be used by trusted domains.
+</p>
+</div>
+
 </div>
 
 <div id="interfacesmall">
@@ -24526,6 +24897,16 @@ kernel</a><p/>
 	)<br>
 </div>
 
+<div id="description">
+<p>
+Allow the caller to directly read from
+a removable device.
+This is extremly dangerous as it can bypass the
+SELinux protections for filesystem objects, and
+should only be used by trusted domains.
+</p>
+</div>
+
 </div>
 
 <div id="interfacesmall">
@@ -24546,6 +24927,15 @@ kernel</a><p/>
 	)<br>
 </div>
 
+<div id="description">
+<p>
+Allow the caller to directly write to a fixed disk.
+This is extremly dangerous as it can bypass the
+SELinux protections for filesystem objects, and
+should only be used by trusted domains.
+</p>
+</div>
+
 </div>
 
 <div id="interfacesmall">
@@ -24566,6 +24956,15 @@ kernel</a><p/>
 	)<br>
 </div>
 
+<div id="description">
+<p>
+Allow the caller to directly read from a logical volume.
+This is extremly dangerous as it can bypass the
+SELinux protections for filesystem objects, and
+should only be used by trusted domains.
+</p>
+</div>
+
 </div>
 
 <div id="interfacesmall">
@@ -24586,6 +24985,16 @@ kernel</a><p/>
 	)<br>
 </div>
 
+<div id="description">
+<p>
+Allow the caller to directly write to
+a removable device.
+This is extremly dangerous as it can bypass the
+SELinux protections for filesystem objects, and
+should only be used by trusted domains.
+</p>
+</div>
+
 </div>
 
 <div id="interfacesmall">
@@ -24606,6 +25015,16 @@ kernel</a><p/>
 	)<br>
 </div>
 
+<div id="description">
+<p>
+Allow the caller to directly read, in a
+generic fashion, from any SCSI device.
+This is extremly dangerous as it can bypass the
+SELinux protections for filesystem objects, and
+should only be used by trusted domains.
+</p>
+</div>
+
 </div>
 
 <div id="interfacesmall">
@@ -24626,6 +25045,13 @@ kernel</a><p/>
 	)<br>
 </div>
 
+<div id="description">
+<p>
+Allow the caller to directly read
+a tape device.
+</p>
+</div>
+
 </div>
 
 <div id="interfacesmall">
@@ -24672,6 +25098,13 @@ kernel</a><p/>
 	)<br>
 </div>
 
+<div id="description">
+<p>
+Set attributes of the device nodes
+for the SCSI generic inerface.
+</p>
+</div>
+
 </div>
 
 <div id="interfacesmall">
@@ -24692,6 +25125,13 @@ kernel</a><p/>
 	)<br>
 </div>
 
+<div id="description">
+<p>
+Allow the caller to set the attributes of fixed disk
+device nodes.
+</p>
+</div>
+
 </div>
 
 <div id="interfacesmall">
@@ -24712,6 +25152,13 @@ kernel</a><p/>
 	)<br>
 </div>
 
+<div id="description">
+<p>
+Allow the caller to set the attributes of removable
+devices device nodes.
+</p>
+</div>
+
 </div>
 
 <div id="interfacesmall">
@@ -24732,6 +25179,13 @@ kernel</a><p/>
 	)<br>
 </div>
 
+<div id="description">
+<p>
+Allow the caller to set the attributes of
+the generic SCSI interface device nodes.
+</p>
+</div>
+
 </div>
 
 <div id="interfacesmall">
@@ -24752,6 +25206,13 @@ kernel</a><p/>
 	)<br>
 </div>
 
+<div id="description">
+<p>
+Allow the caller to set the attributes
+of device nodes of tape devices.
+</p>
+</div>
+
 </div>
 
 <div id="interfacesmall">
@@ -24787,6 +25248,32 @@ Layer: <a href='kernel.html'>
 kernel</a><p/>
 <div id="codeblock">
 
+<b>storage_unconfined</b>(
+	
+		
+		
+		
+		domain
+		
+	
+	)<br>
+</div>
+
+<div id="description">
+<p>
+Unconfined access to storage devices.
+</p>
+</div>
+
+</div>
+
+<div id="interfacesmall">
+Module: <a href='kernel_storage.html'>
+storage</a><p/>
+Layer: <a href='kernel.html'>
+kernel</a><p/>
+<div id="codeblock">
+
 <b>storage_write_scsi_generic</b>(
 	
 		
@@ -24798,6 +25285,16 @@ kernel</a><p/>
 	)<br>
 </div>
 
+<div id="description">
+<p>
+Allow the caller to directly write, in a
+generic fashion, from any SCSI device.
+This is extremly dangerous as it can bypass the
+SELinux protections for filesystem objects, and
+should only be used by trusted domains.
+</p>
+</div>
+
 </div>
 
 <div id="interfacesmall">
@@ -24818,6 +25315,13 @@ kernel</a><p/>
 	)<br>
 </div>
 
+<div id="description">
+<p>
+Allow the caller to directly read
+a tape device.
+</p>
+</div>
+
 </div>
 
 <div id="interfacesmall">
@@ -25886,6 +26390,136 @@ system</a><p/>
 
 </div>
 
+<div id="interfacesmall">
+Module: <a href='system_unconfined.html'>
+unconfined</a><p/>
+Layer: <a href='system.html'>
+system</a><p/>
+<div id="codeblock">
+
+<b>unconfined_domtrans_shell</b>(
+	
+		
+		
+		
+		domain
+		
+	
+	)<br>
+</div>
+
+<div id="description">
+<p>
+Transition to the unconfined domain by executing a shell.
+</p>
+</div>
+
+</div>
+
+<div id="interfacesmall">
+Module: <a href='system_unconfined.html'>
+unconfined</a><p/>
+Layer: <a href='system.html'>
+system</a><p/>
+<div id="codeblock">
+
+<b>unconfined_role</b>(
+	
+		
+		
+		
+		domain
+		
+	
+	)<br>
+</div>
+
+<div id="description">
+<p>
+Add the unconfined domain to the specified role.
+</p>
+</div>
+
+</div>
+
+<div id="interfacesmall">
+Module: <a href='system_unconfined.html'>
+unconfined</a><p/>
+Layer: <a href='system.html'>
+system</a><p/>
+<div id="codeblock">
+
+<b>unconfined_rw_pipe</b>(
+	
+		
+		
+		
+		domain
+		
+	
+	)<br>
+</div>
+
+<div id="description">
+<p>
+Read and write unconfined domain unnamed pipes.
+</p>
+</div>
+
+</div>
+
+<div id="interfacesmall">
+Module: <a href='system_unconfined.html'>
+unconfined</a><p/>
+Layer: <a href='system.html'>
+system</a><p/>
+<div id="codeblock">
+
+<b>unconfined_sigchld</b>(
+	
+		
+		
+		
+		domain
+		
+	
+	)<br>
+</div>
+
+<div id="description">
+<p>
+Send a SIGCHLD signal to the unconfined domain.
+</p>
+</div>
+
+</div>
+
+<div id="interfacesmall">
+Module: <a href='system_unconfined.html'>
+unconfined</a><p/>
+Layer: <a href='system.html'>
+system</a><p/>
+<div id="codeblock">
+
+<b>unconfined_use_fd</b>(
+	
+		
+		
+		
+		domain
+		
+	
+	)<br>
+</div>
+
+<div id="description">
+<p>
+Inherit file descriptors from the unconfined domain.
+</p>
+</div>
+
+</div>
+
 <div id="interfacesmall">
 Module: <a href='system_userdomain.html'>
 userdomain</a><p/>
@@ -26237,6 +26871,32 @@ Layer: <a href='system.html'>
 system</a><p/>
 <div id="codeblock">
 
+<b>userdom_unconfined</b>(
+	
+		
+		
+		
+		domain
+		
+	
+	)<br>
+</div>
+
+<div id="description">
+<p>
+Unconfined access to user domains.
+</p>
+</div>
+
+</div>
+
+<div id="interfacesmall">
+Module: <a href='system_userdomain.html'>
+userdomain</a><p/>
+Layer: <a href='system.html'>
+system</a><p/>
+<div id="codeblock">
+
 <b>userdom_use_all_user_fd</b>(
 	
 		

www/api-docs/kernel.html

@@ -109,8 +109,7 @@ Device nodes and interfaces for many basic system devices.
 			<a href='kernel_kernel.html'>
 			kernel</a></td>
 			<td><p>
-Policy for kernel threads, proc filesystem,
+Policy for kernel threads, proc filesystem,and unlabeled processes and objects.
-and unlabeled processes and objects.
 </p></td>
 		
 			<tr><td>

www/api-docs/kernel_bootloader.html

@@ -78,7 +78,8 @@
 
 <h3>Description:</h3>
 
-<p>Policy for the kernel modules, kernel image, and bootloader.</p>
+<p><p>Policy for the kernel modules, kernel image, and bootloader.</p></p>
+
 
 
 <a name="interfaces"></a>

www/api-docs/kernel_corenetwork.html

@@ -78,7 +78,10 @@
 
 <h3>Description:</h3>
 
-<p>Policy controlling access to network objects</p>
+<p><p>Policy controlling access to network objects</p></p>
+
+
+<p>This module is required to be included in all policies.</p>
 
 
 <a name="interfaces"></a>
@@ -18291,6 +18294,47 @@ No
 <div id="interface">
 
 
+<div id="codeblock">
+
+<b>corenet_unconfined</b>(
+	
+		
+		
+		
+		domain
+		
+	
+	)<br>
+</div>
+<div id="description">
+
+<h5>Summary</h5>
+<p>
+Unconfined access to network objects.
+</p>
+
+
+<h5>Parameters</h5>
+<table border="1" cellspacing="0" cellpadding="3" width="80%">
+<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
+
+<tr><td>
+domain
+</td><td>
+
+The domain allowed access.
+
+</td><td>
+No
+</td></tr>
+
+</table>
+</div>
+</div>
+
+<div id="interface">
+
+
 <div id="codeblock">
 
 <b>corenet_use_tun_tap_device</b>(

www/api-docs/kernel_devices.html

@@ -78,7 +78,7 @@
 
 <h3>Description:</h3>
  
-<p>
+<p><p>
 </p><p>
 This module creates the device node concept and provides
 the policy for many of the device files. Notable exceptions are
@@ -94,7 +94,8 @@ are used to label device nodes should use the dev_node macro.
 Additionally, this module controls access to three things:
 </p><ul><li>the device directories containing device nodes</li><li>device nodes as a group</li><li>individual access to specific device nodes covered by
 	this module.</li></ul><p>
-</p>
+</p></p>
+
 
 
 <a name="interfaces"></a>
@@ -4049,6 +4050,47 @@ No
 <div id="interface">
 
 
+<div id="codeblock">
+
+<b>dev_unconfined</b>(
+	
+		
+		
+		
+		domain
+		
+	
+	)<br>
+</div>
+<div id="description">
+
+<h5>Summary</h5>
+<p>
+Unconfined access to devices.
+</p>
+
+
+<h5>Parameters</h5>
+<table border="1" cellspacing="0" cellpadding="3" width="80%">
+<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
+
+<tr><td>
+domain
+</td><td>
+
+Domain allowed access.
+
+</td><td>
+No
+</td></tr>
+
+</table>
+</div>
+</div>
+
+<div id="interface">
+
+
 <div id="codeblock">
 
 <b>dev_write_framebuffer</b>(

www/api-docs/kernel_filesystem.html

@@ -78,7 +78,10 @@
 
 <h3>Description:</h3>
 
-<p>Policy for filesystems.</p>
+<p><p>Policy for filesystems.</p></p>
+
+
+<p>This module is required to be included in all policies.</p>
 
 
 <a name="interfaces"></a>
@@ -3288,6 +3291,47 @@ No
 <div id="interface">
 
 
+<div id="codeblock">
+
+<b>fs_unconfined</b>(
+	
+		
+		
+		
+		domain
+		
+	
+	)<br>
+</div>
+<div id="description">
+
+<h5>Summary</h5>
+<p>
+Unconfined access to filesystems
+</p>
+
+
+<h5>Parameters</h5>
+<table border="1" cellspacing="0" cellpadding="3" width="80%">
+<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
+
+<tr><td>
+domain
+</td><td>
+
+Domain allowed access.
+
+</td><td>
+No
+</td></tr>
+
+</table>
+</div>
+</div>
+
+<div id="interface">
+
+
 <div id="codeblock">
 
 <b>fs_unmount_all_fs</b>(

www/api-docs/kernel_kernel.html

@@ -78,10 +78,12 @@
 
 <h3>Description:</h3>
 
-<p>
+<p><p>
-Policy for kernel threads, proc filesystem,
+Policy for kernel threads, proc filesystem,and unlabeled processes and objects.
-and unlabeled processes and objects.
+</p></p>
-</p>
+
+
+<p>This module is required to be included in all policies.</p>
 
 
 <a name="interfaces"></a>
@@ -2151,6 +2153,47 @@ No
 <div id="interface">
 
 
+<div id="codeblock">
+
+<b>kernel_unconfined</b>(
+	
+		
+		
+		
+		domain
+		
+	
+	)<br>
+</div>
+<div id="description">
+
+<h5>Summary</h5>
+<p>
+Unconfined access to the kernel.
+</p>
+
+
+<h5>Parameters</h5>
+<table border="1" cellspacing="0" cellpadding="3" width="80%">
+<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
+
+<tr><td>
+domain
+</td><td>
+
+Domain allowed access.
+
+</td><td>
+No
+</td></tr>
+
+</table>
+</div>
+</div>
+
+<div id="interface">
+
+
 <div id="codeblock">
 
 <b>kernel_use_fd</b>(

www/api-docs/kernel_selinux.html

@@ -78,9 +78,12 @@
 
 <h3>Description:</h3>
 
-<p>
+<p><p>
 Policy for kernel security interface, in particular, selinuxfs.
-</p>
+</p></p>
+
+
+<p>This module is required to be included in all policies.</p>
 
 
 <a name="interfaces"></a>
@@ -524,6 +527,47 @@ No
 <div id="interface">
 
 
+<div id="codeblock">
+
+<b>selinux_unconfined</b>(
+	
+		
+		
+		
+		domain
+		
+	
+	)<br>
+</div>
+<div id="description">
+
+
+<h5>Description</h5>
+<p>
+Unconfined access to the SELinux security server.
+</p>
+
+<h5>Parameters</h5>
+<table border="1" cellspacing="0" cellpadding="3" width="80%">
+<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
+
+<tr><td>
+domain
+</td><td>
+
+Domain allowed access.
+
+</td><td>
+No
+</td></tr>
+
+</table>
+</div>
+</div>
+
+<div id="interface">
+
+
 <div id="codeblock">
 
 <b>selinux_validate_context</b>(

www/api-docs/kernel_storage.html

@@ -78,7 +78,8 @@
 
 <h3>Description:</h3>
 
-<p>Policy controlling access to storage devices</p>
+<p><p>Policy controlling access to storage devices</p></p>
+
 
 
 <a name="interfaces"></a>
@@ -101,12 +102,12 @@
 </div>
 <div id="description">
 
-
+<h5>Summary</h5>
-<h5>Description</h5>
 <p>
 Create block devices in /dev with the fixed disk type.
 </p>
 
+
 <h5>Parameters</h5>
 <table border="1" cellspacing="0" cellpadding="3" width="80%">
 <tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
@@ -142,13 +143,13 @@ No
 </div>
 <div id="description">
 
-
+<h5>Summary</h5>
-<h5>Description</h5>
 <p>
 Do not audit attempts made by the caller to get
 the attributes of fixed disk device nodes.
 </p>
 
+
 <h5>Parameters</h5>
 <table border="1" cellspacing="0" cellpadding="3" width="80%">
 <tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
@@ -184,13 +185,13 @@ No
 </div>
 <div id="description">
 
-
+<h5>Summary</h5>
-<h5>Description</h5>
 <p>
 Do not audit attempts made by the caller to get
 the attributes of removable devices device nodes.
 </p>
 
+
 <h5>Parameters</h5>
 <table border="1" cellspacing="0" cellpadding="3" width="80%">
 <tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
@@ -226,13 +227,13 @@ No
 </div>
 <div id="description">
 
-
+<h5>Summary</h5>
-<h5>Description</h5>
 <p>
 Do not audit attempts made by the caller to set
 the attributes of fixed disk device nodes.
 </p>
 
+
 <h5>Parameters</h5>
 <table border="1" cellspacing="0" cellpadding="3" width="80%">
 <tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
@@ -268,13 +269,13 @@ No
 </div>
 <div id="description">
 
-
+<h5>Summary</h5>
-<h5>Description</h5>
 <p>
 Do not audit attempts made by the caller to set
 the attributes of removable devices device nodes.
 </p>
 
+
 <h5>Parameters</h5>
 <table border="1" cellspacing="0" cellpadding="3" width="80%">
 <tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
@@ -310,13 +311,13 @@ No
 </div>
 <div id="description">
 
-
+<h5>Summary</h5>
-<h5>Description</h5>
 <p>
 Allow the caller to get the attributes of fixed disk
 device nodes.
 </p>
 
+
 <h5>Parameters</h5>
 <table border="1" cellspacing="0" cellpadding="3" width="80%">
 <tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
@@ -352,13 +353,13 @@ No
 </div>
 <div id="description">
 
-
+<h5>Summary</h5>
-<h5>Description</h5>
 <p>
 Allow the caller to get the attributes of removable
 devices device nodes.
 </p>
 
+
 <h5>Parameters</h5>
 <table border="1" cellspacing="0" cellpadding="3" width="80%">
 <tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
@@ -394,13 +395,13 @@ No
 </div>
 <div id="description">
 
-
+<h5>Summary</h5>
-<h5>Description</h5>
 <p>
 Allow the caller to get the attributes of
 the generic SCSI interface device nodes.
 </p>
 
+
 <h5>Parameters</h5>
 <table border="1" cellspacing="0" cellpadding="3" width="80%">
 <tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
@@ -436,13 +437,13 @@ No
 </div>
 <div id="description">
 
-
+<h5>Summary</h5>
-<h5>Description</h5>
 <p>
 Get attributes of the device nodes
 for the SCSI generic inerface.
 </p>
 
+
 <h5>Parameters</h5>
 <table border="1" cellspacing="0" cellpadding="3" width="80%">
 <tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
@@ -478,13 +479,13 @@ No
 </div>
 <div id="description">
 
-
+<h5>Summary</h5>
-<h5>Description</h5>
 <p>
 Allow the caller to get the attributes
 of device nodes of tape devices.
 </p>
 
+
 <h5>Parameters</h5>
 <table border="1" cellspacing="0" cellpadding="3" width="80%">
 <tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
@@ -561,8 +562,7 @@ No
 </div>
 <div id="description">
 
-
+<h5>Summary</h5>
-<h5>Description</h5>
 <p>
 Allow the caller to directly read from a fixed disk.
 This is extremly dangerous as it can bypass the
@@ -570,6 +570,7 @@ SELinux protections for filesystem objects, and
 should only be used by trusted domains.
 </p>
 
+
 <h5>Parameters</h5>
 <table border="1" cellspacing="0" cellpadding="3" width="80%">
 <tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
@@ -605,8 +606,7 @@ No
 </div>
 <div id="description">
 
-
+<h5>Summary</h5>
-<h5>Description</h5>
 <p>
 Allow the caller to directly read from a logical volume.
 This is extremly dangerous as it can bypass the
@@ -614,6 +614,7 @@ SELinux protections for filesystem objects, and
 should only be used by trusted domains.
 </p>
 
+
 <h5>Parameters</h5>
 <table border="1" cellspacing="0" cellpadding="3" width="80%">
 <tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
@@ -649,8 +650,7 @@ No
 </div>
 <div id="description">
 
-
+<h5>Summary</h5>
-<h5>Description</h5>
 <p>
 Allow the caller to directly read from
 a removable device.
@@ -659,6 +659,7 @@ SELinux protections for filesystem objects, and
 should only be used by trusted domains.
 </p>
 
+
 <h5>Parameters</h5>
 <table border="1" cellspacing="0" cellpadding="3" width="80%">
 <tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
@@ -694,8 +695,7 @@ No
 </div>
 <div id="description">
 
-
+<h5>Summary</h5>
-<h5>Description</h5>
 <p>
 Allow the caller to directly write to a fixed disk.
 This is extremly dangerous as it can bypass the
@@ -703,6 +703,7 @@ SELinux protections for filesystem objects, and
 should only be used by trusted domains.
 </p>
 
+
 <h5>Parameters</h5>
 <table border="1" cellspacing="0" cellpadding="3" width="80%">
 <tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
@@ -738,8 +739,7 @@ No
 </div>
 <div id="description">
 
-
+<h5>Summary</h5>
-<h5>Description</h5>
 <p>
 Allow the caller to directly read from a logical volume.
 This is extremly dangerous as it can bypass the
@@ -747,6 +747,7 @@ SELinux protections for filesystem objects, and
 should only be used by trusted domains.
 </p>
 
+
 <h5>Parameters</h5>
 <table border="1" cellspacing="0" cellpadding="3" width="80%">
 <tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
@@ -782,8 +783,7 @@ No
 </div>
 <div id="description">
 
-
+<h5>Summary</h5>
-<h5>Description</h5>
 <p>
 Allow the caller to directly write to
 a removable device.
@@ -792,6 +792,7 @@ SELinux protections for filesystem objects, and
 should only be used by trusted domains.
 </p>
 
+
 <h5>Parameters</h5>
 <table border="1" cellspacing="0" cellpadding="3" width="80%">
 <tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
@@ -827,8 +828,7 @@ No
 </div>
 <div id="description">
 
-
+<h5>Summary</h5>
-<h5>Description</h5>
 <p>
 Allow the caller to directly read, in a
 generic fashion, from any SCSI device.
@@ -837,6 +837,7 @@ SELinux protections for filesystem objects, and
 should only be used by trusted domains.
 </p>
 
+
 <h5>Parameters</h5>
 <table border="1" cellspacing="0" cellpadding="3" width="80%">
 <tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
@@ -872,13 +873,13 @@ No
 </div>
 <div id="description">
 
-
+<h5>Summary</h5>
-<h5>Description</h5>
 <p>
 Allow the caller to directly read
 a tape device.
 </p>
 
+
 <h5>Parameters</h5>
 <table border="1" cellspacing="0" cellpadding="3" width="80%">
 <tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
@@ -955,13 +956,13 @@ No
 </div>
 <div id="description">
 
-
+<h5>Summary</h5>
-<h5>Description</h5>
 <p>
 Set attributes of the device nodes
 for the SCSI generic inerface.
 </p>
 
+
 <h5>Parameters</h5>
 <table border="1" cellspacing="0" cellpadding="3" width="80%">
 <tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
@@ -997,13 +998,13 @@ No
 </div>
 <div id="description">
 
-
+<h5>Summary</h5>
-<h5>Description</h5>
 <p>
 Allow the caller to set the attributes of fixed disk
 device nodes.
 </p>
 
+
 <h5>Parameters</h5>
 <table border="1" cellspacing="0" cellpadding="3" width="80%">
 <tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
@@ -1039,13 +1040,13 @@ No
 </div>
 <div id="description">
 
-
+<h5>Summary</h5>
-<h5>Description</h5>
 <p>
 Allow the caller to set the attributes of removable
 devices device nodes.
 </p>
 
+
 <h5>Parameters</h5>
 <table border="1" cellspacing="0" cellpadding="3" width="80%">
 <tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
@@ -1081,13 +1082,13 @@ No
 </div>
 <div id="description">
 
-
+<h5>Summary</h5>
-<h5>Description</h5>
 <p>
 Allow the caller to set the attributes of
 the generic SCSI interface device nodes.
 </p>
 
+
 <h5>Parameters</h5>
 <table border="1" cellspacing="0" cellpadding="3" width="80%">
 <tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
@@ -1123,13 +1124,13 @@ No
 </div>
 <div id="description">
 
-
+<h5>Summary</h5>
-<h5>Description</h5>
 <p>
 Allow the caller to set the attributes
 of device nodes of tape devices.
 </p>
 
+
 <h5>Parameters</h5>
 <table border="1" cellspacing="0" cellpadding="3" width="80%">
 <tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
@@ -1192,6 +1193,47 @@ No
 <div id="interface">
 
 
+<div id="codeblock">
+
+<b>storage_unconfined</b>(
+	
+		
+		
+		
+		domain
+		
+	
+	)<br>
+</div>
+<div id="description">
+
+<h5>Summary</h5>
+<p>
+Unconfined access to storage devices.
+</p>
+
+
+<h5>Parameters</h5>
+<table border="1" cellspacing="0" cellpadding="3" width="80%">
+<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
+
+<tr><td>
+domain
+</td><td>
+
+Domain allowed access.
+
+</td><td>
+No
+</td></tr>
+
+</table>
+</div>
+</div>
+
+<div id="interface">
+
+
 <div id="codeblock">
 
 <b>storage_write_scsi_generic</b>(
@@ -1206,8 +1248,7 @@ No
 </div>
 <div id="description">
 
-
+<h5>Summary</h5>
-<h5>Description</h5>
 <p>
 Allow the caller to directly write, in a
 generic fashion, from any SCSI device.
@@ -1216,6 +1257,7 @@ SELinux protections for filesystem objects, and
 should only be used by trusted domains.
 </p>
 
+
 <h5>Parameters</h5>
 <table border="1" cellspacing="0" cellpadding="3" width="80%">
 <tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
@@ -1251,13 +1293,13 @@ No
 </div>
 <div id="description">
 
-
+<h5>Summary</h5>
-<h5>Description</h5>
 <p>
 Allow the caller to directly read
 a tape device.
 </p>
 
+
 <h5>Parameters</h5>
 <table border="1" cellspacing="0" cellpadding="3" width="80%">
 <tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>

www/api-docs/kernel_terminal.html

@@ -78,7 +78,8 @@
 
 <h3>Description:</h3>
 
-<p>Policy for terminals.</p>
+<p><p>Policy for terminals.</p></p>
+
 
 
 <a name="interfaces"></a>

www/api-docs/services_cron.html

@@ -81,7 +81,8 @@
 
 <h3>Description:</h3>
 
-<p>Periodic execution of scheduled commands.</p>
+<p><p>Periodic execution of scheduled commands.</p></p>
+
 
 
 <a name="interfaces"></a>

www/api-docs/services_inetd.html

@@ -78,7 +78,8 @@
 
 <h3>Description:</h3>
 
-<p>Internet services daemon.</p>
+<p><p>Internet services daemon.</p></p>
+
 
 
 <a name="interfaces"></a>

www/api-docs/services_kerberos.html

@@ -78,7 +78,7 @@
 
 <h3>Description:</h3>
  
-<p>
+<p><p>
 </p><p>
 This policy supports:
 </p><p>
@@ -88,7 +88,8 @@ Servers:
 </p><p>
 Clients:
 </p><ul><li>kinit</li><li>kdestroy</li><li>klist</li><li>ksu (incomplete)</li></ul><p>
-</p>
+</p></p>
+
 
 
 <a name="interfaces"></a>

www/api-docs/services_mta.html

@@ -81,7 +81,8 @@
 
 <h3>Description:</h3>
 
-<p>Policy common to all email tranfer agents.</p>
+<p><p>Policy common to all email tranfer agents.</p></p>
+
 
 
 <a name="interfaces"></a>
@@ -466,7 +467,15 @@ No
 		
 		
 		
-		?
+		domain
+		
+	
+		
+			,
+		
+		
+		
+		entry_point
 		
 	
 	)<br>
@@ -475,19 +484,46 @@ No
 
 <h5>Summary</h5>
 <p>
-Summary is missing!
+Modified mailserver interface for
+sendmail daemon use.
 </p>
 
 
+<h5>Description</h5>
+<p>
+</p><p>
+A modified MTA mail server interface for
+the sendmail program.  It's design does
+not fit well with policy, and using the
+regular interface causes a type_transition
+conflict if direct running of init scripts
+is enabled.
+</p><p>
+</p><p>
+This interface should most likely only be used
+by the sendmail policy.
+</p><p>
+</p>
+
 <h5>Parameters</h5>
 <table border="1" cellspacing="0" cellpadding="3" width="80%">
 <tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
 
 <tr><td>
-?
+domain
 </td><td>
 
-Parameter descriptions are missing!
+The type to be used for the mail server.
+
+</td><td>
+No
+</td></tr>
+
+<tr><td>
+entry_point
+</td><td>
+
+The type to be used for the domain entry point program.
 
 </td><td>
 No

www/api-docs/services_nis.html

@@ -78,7 +78,8 @@
 
 <h3>Description:</h3>
 
-<p>Policy for NIS (YP) servers and clients</p>
+<p><p>Policy for NIS (YP) servers and clients</p></p>
+
 
 
 <a name="interfaces"></a>

www/api-docs/services_remotelogin.html

@@ -78,7 +78,8 @@
 
 <h3>Description:</h3>
 
-<p>Policy for rshd, rlogind, and telnetd.</p>
+<p><p>Policy for rshd, rlogind, and telnetd.</p></p>
+
 
 
 <a name="interfaces"></a>

www/api-docs/services_sendmail.html

@@ -78,7 +78,8 @@
 
 <h3>Description:</h3>
 
-<p>Policy for sendmail.</p>
+<p><p>Policy for sendmail.</p></p>
+
 
 
 <a name="interfaces"></a>

www/api-docs/services_ssh.html

@@ -81,7 +81,8 @@
 
 <h3>Description:</h3>
 
-<p>Secure shell client and server policy.</p>
+<p><p>Secure shell client and server policy.</p></p>
+
 
 
 <a name="interfaces"></a>

www/api-docs/system.html

@@ -100,6 +100,9 @@
 			&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_udev.html'>
 			udev</a><br/>
 		
+			&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_unconfined.html'>
+			unconfined</a><br/>
+		
 			&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_userdomain.html'>
 			userdomain</a><br/>
 		
@@ -244,6 +247,11 @@ connection and disconnection of devices at runtime.
 			udev</a></td>
 			<td><p>Policy for udev.</p></td>
 		
+			<tr><td>
+			<a href='system_unconfined.html'>
+			unconfined</a></td>
+			<td><p>The unconfined domain.</p></td>
+		
 			<tr><td>
 			<a href='system_userdomain.html'>
 			userdomain</a></td>

www/api-docs/system_authlogin.html

@@ -100,6 +100,9 @@
 			&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_udev.html'>
 			udev</a><br/>
 		
+			&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_unconfined.html'>
+			unconfined</a><br/>
+		
 			&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_userdomain.html'>
 			userdomain</a><br/>
 		
@@ -123,7 +126,8 @@
 
 <h3>Description:</h3>
 
-<p>Common policy for authentication and user login.</p>
+<p><p>Common policy for authentication and user login.</p></p>
+
 
 
 <a name="interfaces"></a>

www/api-docs/system_clock.html

@@ -100,6 +100,9 @@
 			&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_udev.html'>
 			udev</a><br/>
 		
+			&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_unconfined.html'>
+			unconfined</a><br/>
+		
 			&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_userdomain.html'>
 			userdomain</a><br/>
 		
@@ -120,7 +123,8 @@
 
 <h3>Description:</h3>
 
-<p>Policy for reading and setting the hardware clock.</p>
+<p><p>Policy for reading and setting the hardware clock.</p></p>
+
 
 
 <a name="interfaces"></a>

www/api-docs/system_corecommands.html

@@ -100,6 +100,9 @@
 			&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_udev.html'>
 			udev</a><br/>
 		
+			&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_unconfined.html'>
+			unconfined</a><br/>
+		
 			&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_userdomain.html'>
 			userdomain</a><br/>
 		
@@ -120,10 +123,11 @@
 
 <h3>Description:</h3>
 
-<p>
+<p><p>
 Core policy for shells, and generic programs
 in /bin, /sbin, /usr/bin, and /usr/sbin.
-</p>
+</p></p>
+
 
 
 <a name="interfaces"></a>

www/api-docs/system_domain.html

@@ -100,6 +100,9 @@
 			&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_udev.html'>
 			udev</a><br/>
 		
+			&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_unconfined.html'>
+			unconfined</a><br/>
+		
 			&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_userdomain.html'>
 			userdomain</a><br/>
 		
@@ -123,7 +126,10 @@
 
 <h3>Description:</h3>
 
-<p>Core policy for domains.</p>
+<p><p>Core policy for domains.</p></p>
+
+
+<p>This module is required to be included in all policies.</p>
 
 
 <a name="interfaces"></a>
@@ -1125,6 +1131,47 @@ No
 <div id="interface">
 
 
+<div id="codeblock">
+
+<b>domain_unconfined</b>(
+	
+		
+		
+		
+		domain
+		
+	
+	)<br>
+</div>
+<div id="description">
+
+<h5>Summary</h5>
+<p>
+Unconfined access to domains.
+</p>
+
+
+<h5>Parameters</h5>
+<table border="1" cellspacing="0" cellpadding="3" width="80%">
+<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
+
+<tr><td>
+domain
+</td><td>
+
+The type of the process performing this action.
+
+</td><td>
+No
+</td></tr>
+
+</table>
+</div>
+</div>
+
+<div id="interface">
+
+
 <div id="codeblock">
 
 <b>domain_use_wide_inherit_fd</b>(

www/api-docs/system_files.html

@@ -100,6 +100,9 @@
 			&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_udev.html'>
 			udev</a><br/>
 		
+			&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_unconfined.html'>
+			unconfined</a><br/>
+		
 			&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_userdomain.html'>
 			userdomain</a><br/>
 		
@@ -120,14 +123,17 @@
 
 <h3>Description:</h3>
  
-<p>
+<p><p>
 </p><p>
 This module contains basic filesystem types and interfaces. This
 includes:
 </p><ul><li>The concept of different file types including basic
 files, mount points, tmp files, etc.</li><li>Access to groups of files and all files.</li><li>Types and interfaces for the basic filesystem layout
 (/, /etc, /tmp, /usr, etc.).</li></ul><p>
-</p>
+</p></p>
+
+
+<p>This module is required to be included in all policies.</p>
 
 
 <a name="interfaces"></a>
@@ -218,6 +224,65 @@ No
 <div id="interface">
 
 
+<div id="codeblock">
+
+<b>files_create_home_dirs</b>(
+	
+		
+		
+		
+		domain
+		
+	
+		
+			,
+		
+		
+		
+		home_type
+		
+	
+	)<br>
+</div>
+<div id="description">
+
+<h5>Summary</h5>
+<p>
+Create home directories
+</p>
+
+
+<h5>Parameters</h5>
+<table border="1" cellspacing="0" cellpadding="3" width="80%">
+<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
+
+<tr><td>
+domain
+</td><td>
+
+The type of the process performing this action.
+
+</td><td>
+No
+</td></tr>
+
+<tr><td>
+home_type
+</td><td>
+
+The type of the home directory
+
+</td><td>
+No
+</td></tr>
+
+</table>
+</div>
+</div>
+
+<div id="interface">
+
+
 <div id="codeblock">
 
 <b>files_create_lock</b>(
@@ -3359,6 +3424,47 @@ No
 <div id="interface">
 
 
+<div id="codeblock">
+
+<b>files_unconfined</b>(
+	
+		
+		
+		
+		domain
+		
+	
+	)<br>
+</div>
+<div id="description">
+
+<h5>Summary</h5>
+<p>
+Unconfined access to files.
+</p>
+
+
+<h5>Parameters</h5>
+<table border="1" cellspacing="0" cellpadding="3" width="80%">
+<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
+
+<tr><td>
+domain
+</td><td>
+
+Domain allowed access.
+
+</td><td>
+No
+</td></tr>
+
+</table>
+</div>
+</div>
+
+<div id="interface">
+
+
 <div id="codeblock">
 
 <b>files_unmount_all_file_type_fs</b>(

www/api-docs/system_fstools.html

@@ -100,6 +100,9 @@
 			&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_udev.html'>
 			udev</a><br/>
 		
+			&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_unconfined.html'>
+			unconfined</a><br/>
+		
 			&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_userdomain.html'>
 			userdomain</a><br/>
 		
@@ -120,7 +123,8 @@
 
 <h3>Description:</h3>
 
-<p>Tools for filesystem management, such as mkfs and fsck.</p>
+<p><p>Tools for filesystem management, such as mkfs and fsck.</p></p>
+
 
 
 <a name="interfaces"></a>

www/api-docs/system_getty.html

@@ -100,6 +100,9 @@
 			&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_udev.html'>
 			udev</a><br/>
 		
+			&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_unconfined.html'>
+			unconfined</a><br/>
+		
 			&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_userdomain.html'>
 			userdomain</a><br/>
 		
@@ -120,7 +123,8 @@
 
 <h3>Description:</h3>
 
-<p>Policy for getty.</p>
+<p><p>Policy for getty.</p></p>
+
 
 
 <a name="interfaces"></a>

www/api-docs/system_hostname.html

@@ -100,6 +100,9 @@
 			&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_udev.html'>
 			udev</a><br/>
 		
+			&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_unconfined.html'>
+			unconfined</a><br/>
+		
 			&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_userdomain.html'>
 			userdomain</a><br/>
 		
@@ -120,7 +123,8 @@
 
 <h3>Description:</h3>
 
-<p>Policy for changing the system host name.</p>
+<p><p>Policy for changing the system host name.</p></p>
+
 
 
 <a name="interfaces"></a>

www/api-docs/system_hotplug.html

@@ -100,6 +100,9 @@
 			&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_udev.html'>
 			udev</a><br/>
 		
+			&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_unconfined.html'>
+			unconfined</a><br/>
+		
 			&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_userdomain.html'>
 			userdomain</a><br/>
 		
@@ -120,10 +123,11 @@
 
 <h3>Description:</h3>
 
-<p>
+<p><p>
 Policy for hotplug system, for supporting the
 connection and disconnection of devices at runtime.
-</p>
+</p></p>
+
 
 
 <a name="interfaces"></a>

www/api-docs/system_init.html

@@ -100,6 +100,9 @@
 			&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_udev.html'>
 			udev</a><br/>
 		
+			&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_unconfined.html'>
+			unconfined</a><br/>
+		
 			&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_userdomain.html'>
 			userdomain</a><br/>
 		
@@ -120,7 +123,8 @@
 
 <h3>Description:</h3>
 
-<p>System initialization programs (init and init scripts).</p>
+<p><p>System initialization programs (init and init scripts).</p></p>
+
 
 
 <a name="interfaces"></a>
@@ -136,7 +140,15 @@
 		
 		
 		
-		?
+		domain
+		
+	
+		
+			,
+		
+		
+		
+		entry_point
 		
 	
 	)<br>
@@ -145,7 +157,8 @@
 
 <h5>Summary</h5>
 <p>
-Summary is missing!
+Create a domain for long running processes
+(daemons) which can be started by init scripts.
 </p>
 
 
@@ -154,10 +167,20 @@ Summary is missing!
 <tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
 
 <tr><td>
-?
+domain
 </td><td>
 
-Parameter descriptions are missing!
+Type to be used as a domain.
+
+</td><td>
+No
+</td></tr>
+
+<tr><td>
+entry_point
+</td><td>
+
+Type of the program to be used as an entry point to this domain.
 
 </td><td>
 No
@@ -177,7 +200,15 @@ No
 		
 		
 		
-		?
+		domain
+		
+	
+		
+			,
+		
+		
+		
+		entry_point
 		
 	
 	)<br>
@@ -186,7 +217,7 @@ No
 
 <h5>Summary</h5>
 <p>
-Summary is missing!
+Create a domain which can be started by init.
 </p>
 
 
@@ -195,10 +226,20 @@ Summary is missing!
 <tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
 
 <tr><td>
-?
+domain
 </td><td>
 
-Parameter descriptions are missing!
+Type to be used as a domain.
+
+</td><td>
+No
+</td></tr>
+
+<tr><td>
+entry_point
+</td><td>
+
+Type of the program to be used as an entry point to this domain.
 
 </td><td>
 No
@@ -826,6 +867,83 @@ No
 <div id="interface">
 
 
+<div id="codeblock">
+
+<b>init_run_daemon</b>(
+	
+		
+		
+		
+		domain
+		
+	
+		
+			,
+		
+		
+		
+		role
+		
+	
+		
+			,
+		
+		
+		
+		terminal
+		
+	
+	)<br>
+</div>
+<div id="description">
+
+
+<h5>Description</h5>
+<p>
+Start and stop daemon programs directly.
+</p>
+
+<h5>Parameters</h5>
+<table border="1" cellspacing="0" cellpadding="3" width="80%">
+<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
+
+<tr><td>
+domain
+</td><td>
+
+The type of the process performing this action.
+
+</td><td>
+No
+</td></tr>
+
+<tr><td>
+role
+</td><td>
+
+The role to be performing this action.
+
+</td><td>
+No
+</td></tr>
+
+<tr><td>
+terminal
+</td><td>
+
+The type of the terminal of the user.
+
+</td><td>
+No
+</td></tr>
+
+</table>
+</div>
+</div>
+
+<div id="interface">
+
+
 <div id="codeblock">
 
 <b>init_rw_script_pid</b>(
@@ -997,7 +1115,15 @@ No
 		
 		
 		
-		?
+		domain
+		
+	
+		
+			,
+		
+		
+		
+		entry_point
 		
 	
 	)<br>
@@ -1006,7 +1132,8 @@ No
 
 <h5>Summary</h5>
 <p>
-Summary is missing!
+Create a domain for short running processes
+which can be started by init scripts.
 </p>
 
 
@@ -1015,10 +1142,20 @@ Summary is missing!
 <tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
 
 <tr><td>
-?
+domain
 </td><td>
 
-Parameter descriptions are missing!
+Type to be used as a domain.
+
+</td><td>
+No
+</td></tr>
+
+<tr><td>
+entry_point
+</td><td>
+
+Type of the program to be used as an entry point to this domain.
 
 </td><td>
 No

www/api-docs/system_iptables.html

@@ -100,6 +100,9 @@
 			&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_udev.html'>
 			udev</a><br/>
 		
+			&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_unconfined.html'>
+			unconfined</a><br/>
+		
 			&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_userdomain.html'>
 			userdomain</a><br/>
 		
@@ -120,7 +123,8 @@
 
 <h3>Description:</h3>
 
-<p>Policy for iptables.</p>
+<p><p>Policy for iptables.</p></p>
+
 
 
 <a name="interfaces"></a>

www/api-docs/system_libraries.html

@@ -100,6 +100,9 @@
 			&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_udev.html'>
 			udev</a><br/>
 		
+			&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_unconfined.html'>
+			unconfined</a><br/>
+		
 			&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_userdomain.html'>
 			userdomain</a><br/>
 		
@@ -120,7 +123,8 @@
 
 <h3>Description:</h3>
 
-<p>Policy for system libraries.</p>
+<p><p>Policy for system libraries.</p></p>
+
 
 
 <a name="interfaces"></a>

www/api-docs/system_locallogin.html

@@ -100,6 +100,9 @@
 			&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_udev.html'>
 			udev</a><br/>
 		
+			&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_unconfined.html'>
+			unconfined</a><br/>
+		
 			&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_userdomain.html'>
 			userdomain</a><br/>
 		
@@ -120,7 +123,8 @@
 
 <h3>Description:</h3>
 
-<p>Policy for local logins.</p>
+<p><p>Policy for local logins.</p></p>
+
 
 
 <a name="interfaces"></a>

www/api-docs/system_logging.html

@@ -100,6 +100,9 @@
 			&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_udev.html'>
 			udev</a><br/>
 		
+			&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_unconfined.html'>
+			unconfined</a><br/>
+		
 			&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_userdomain.html'>
 			userdomain</a><br/>
 		
@@ -120,7 +123,8 @@
 
 <h3>Description:</h3>
 
-<p>Policy for the kernel message logger and system logging daemon.</p>
+<p><p>Policy for the kernel message logger and system logging daemon.</p></p>
+
 
 
 <a name="interfaces"></a>

www/api-docs/system_lvm.html

@@ -100,6 +100,9 @@
 			&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_udev.html'>
 			udev</a><br/>
 		
+			&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_unconfined.html'>
+			unconfined</a><br/>
+		
 			&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_userdomain.html'>
 			userdomain</a><br/>
 		
@@ -120,7 +123,8 @@
 
 <h3>Description:</h3>
 
-<p>Policy for logical volume management programs.</p>
+<p><p>Policy for logical volume management programs.</p></p>
+
 
 
 <a name="interfaces"></a>

www/api-docs/system_miscfiles.html

@@ -100,6 +100,9 @@
 			&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_udev.html'>
 			udev</a><br/>
 		
+			&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_unconfined.html'>
+			unconfined</a><br/>
+		
 			&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_userdomain.html'>
 			userdomain</a><br/>
 		
@@ -120,7 +123,8 @@
 
 <h3>Description:</h3>
 
-<p>Miscelaneous files.</p>
+<p><p>Miscelaneous files.</p></p>
+
 
 
 <a name="interfaces"></a>

www/api-docs/system_modutils.html

@@ -100,6 +100,9 @@
 			&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_udev.html'>
 			udev</a><br/>
 		
+			&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_unconfined.html'>
+			unconfined</a><br/>
+		
 			&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_userdomain.html'>
 			userdomain</a><br/>
 		
@@ -120,7 +123,8 @@
 
 <h3>Description:</h3>
 
-<p>Policy for kernel module utilities</p>
+<p><p>Policy for kernel module utilities</p></p>
+
 
 
 <a name="interfaces"></a>

www/api-docs/system_mount.html

@@ -100,6 +100,9 @@
 			&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_udev.html'>
 			udev</a><br/>
 		
+			&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_unconfined.html'>
+			unconfined</a><br/>
+		
 			&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_userdomain.html'>
 			userdomain</a><br/>
 		
@@ -120,7 +123,8 @@
 
 <h3>Description:</h3>
 
-<p>Policy for mount.</p>
+<p><p>Policy for mount.</p></p>
+
 
 
 <a name="interfaces"></a>

www/api-docs/system_selinuxutil.html

@@ -100,6 +100,9 @@
 			&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_udev.html'>
 			udev</a><br/>
 		
+			&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_unconfined.html'>
+			unconfined</a><br/>
+		
 			&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_userdomain.html'>
 			userdomain</a><br/>
 		
@@ -120,7 +123,8 @@
 
 <h3>Description:</h3>
 
-<p>Policy for SELinux policy and userland applications.</p>
+<p><p>Policy for SELinux policy and userland applications.</p></p>
+
 
 
 <a name="interfaces"></a>

www/api-docs/system_sysnetwork.html

@@ -100,6 +100,9 @@
 			&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_udev.html'>
 			udev</a><br/>
 		
+			&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_unconfined.html'>
+			unconfined</a><br/>
+		
 			&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_userdomain.html'>
 			userdomain</a><br/>
 		
@@ -120,7 +123,8 @@
 
 <h3>Description:</h3>
 
-<p>Policy for network configuration: ifconfig and dhcp client.</p>
+<p><p>Policy for network configuration: ifconfig and dhcp client.</p></p>
+
 
 
 <a name="interfaces"></a>

www/api-docs/system_udev.html

@@ -100,6 +100,9 @@
 			&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_udev.html'>
 			udev</a><br/>
 		
+			&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_unconfined.html'>
+			unconfined</a><br/>
+		
 			&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_userdomain.html'>
 			userdomain</a><br/>
 		
@@ -120,7 +123,8 @@
 
 <h3>Description:</h3>
 
-<p>Policy for udev.</p>
+<p><p>Policy for udev.</p></p>
+
 
 
 <a name="interfaces"></a>

www/api-docs/system_unconfined.html

@@ -0,0 +1,395 @@
+<html>
+<head>
+<title>
+ Security Enhanced Linux Reference Policy
+ </title>
+<style type="text/css" media="all">@import "style.css";</style>
+</head>
+<body>
+<div id="Header">Security Enhanced Linux Reference Policy</div>
+<div id='Menu'>
+	
+		<a href="admin.html">+&nbsp;
+		admin</a></br/>
+		<div id='subitem'>
+		
+		</div>
+	
+		<a href="apps.html">+&nbsp;
+		apps</a></br/>
+		<div id='subitem'>
+		
+		</div>
+	
+		<a href="kernel.html">+&nbsp;
+		kernel</a></br/>
+		<div id='subitem'>
+		
+		</div>
+	
+		<a href="services.html">+&nbsp;
+		services</a></br/>
+		<div id='subitem'>
+		
+		</div>
+	
+		<a href="system.html">+&nbsp;
+		system</a></br/>
+		<div id='subitem'>
+		
+			&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_authlogin.html'>
+			authlogin</a><br/>
+		
+			&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_clock.html'>
+			clock</a><br/>
+		
+			&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_corecommands.html'>
+			corecommands</a><br/>
+		
+			&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_domain.html'>
+			domain</a><br/>
+		
+			&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_files.html'>
+			files</a><br/>
+		
+			&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_fstools.html'>
+			fstools</a><br/>
+		
+			&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_getty.html'>
+			getty</a><br/>
+		
+			&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_hostname.html'>
+			hostname</a><br/>
+		
+			&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_hotplug.html'>
+			hotplug</a><br/>
+		
+			&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_init.html'>
+			init</a><br/>
+		
+			&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_iptables.html'>
+			iptables</a><br/>
+		
+			&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_libraries.html'>
+			libraries</a><br/>
+		
+			&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_locallogin.html'>
+			locallogin</a><br/>
+		
+			&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_logging.html'>
+			logging</a><br/>
+		
+			&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_lvm.html'>
+			lvm</a><br/>
+		
+			&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_miscfiles.html'>
+			miscfiles</a><br/>
+		
+			&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_modutils.html'>
+			modutils</a><br/>
+		
+			&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_mount.html'>
+			mount</a><br/>
+		
+			&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_selinuxutil.html'>
+			selinuxutil</a><br/>
+		
+			&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_sysnetwork.html'>
+			sysnetwork</a><br/>
+		
+			&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_udev.html'>
+			udev</a><br/>
+		
+			&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_unconfined.html'>
+			unconfined</a><br/>
+		
+			&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_userdomain.html'>
+			userdomain</a><br/>
+		
+		</div>
+	
+	<br/><p/>
+	<a href="interfaces.html">*&nbsp;Interface Index</a>
+	<br/><p/>
+	<a href="templates.html">*&nbsp;Template Index</a>
+</div>
+
+<div id="Content">
+<a name="top":></a>
+<h1>Layer: system</h1><p/>
+<h2>Module: unconfined</h2><p/>
+
+
+<a href=#interfaces>Interfaces</a>
+<a href=#templates>Templates</a>
+
+
+<h3>Description:</h3>
+
+<p><p>The unconfined domain.</p></p>
+
+
+
+<a name="interfaces"></a>
+<h3>Interfaces: </h3>
+
+<div id="interface">
+
+
+<div id="codeblock">
+
+<b>unconfined_domtrans_shell</b>(
+	
+		
+		
+		
+		domain
+		
+	
+	)<br>
+</div>
+<div id="description">
+
+<h5>Summary</h5>
+<p>
+Transition to the unconfined domain by executing a shell.
+</p>
+
+
+<h5>Parameters</h5>
+<table border="1" cellspacing="0" cellpadding="3" width="80%">
+<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
+
+<tr><td>
+domain
+</td><td>
+
+Domain allowed access.
+
+</td><td>
+No
+</td></tr>
+
+</table>
+</div>
+</div>
+
+<div id="interface">
+
+
+<div id="codeblock">
+
+<b>unconfined_role</b>(
+	
+		
+		
+		
+		domain
+		
+	
+	)<br>
+</div>
+<div id="description">
+
+<h5>Summary</h5>
+<p>
+Add the unconfined domain to the specified role.
+</p>
+
+
+<h5>Parameters</h5>
+<table border="1" cellspacing="0" cellpadding="3" width="80%">
+<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
+
+<tr><td>
+domain
+</td><td>
+
+Domain allowed access.
+
+</td><td>
+No
+</td></tr>
+
+</table>
+</div>
+</div>
+
+<div id="interface">
+
+
+<div id="codeblock">
+
+<b>unconfined_rw_pipe</b>(
+	
+		
+		
+		
+		domain
+		
+	
+	)<br>
+</div>
+<div id="description">
+
+<h5>Summary</h5>
+<p>
+Read and write unconfined domain unnamed pipes.
+</p>
+
+
+<h5>Parameters</h5>
+<table border="1" cellspacing="0" cellpadding="3" width="80%">
+<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
+
+<tr><td>
+domain
+</td><td>
+
+Domain allowed access.
+
+</td><td>
+No
+</td></tr>
+
+</table>
+</div>
+</div>
+
+<div id="interface">
+
+
+<div id="codeblock">
+
+<b>unconfined_sigchld</b>(
+	
+		
+		
+		
+		domain
+		
+	
+	)<br>
+</div>
+<div id="description">
+
+<h5>Summary</h5>
+<p>
+Send a SIGCHLD signal to the unconfined domain.
+</p>
+
+
+<h5>Parameters</h5>
+<table border="1" cellspacing="0" cellpadding="3" width="80%">
+<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
+
+<tr><td>
+domain
+</td><td>
+
+Domain allowed access.
+
+</td><td>
+No
+</td></tr>
+
+</table>
+</div>
+</div>
+
+<div id="interface">
+
+
+<div id="codeblock">
+
+<b>unconfined_use_fd</b>(
+	
+		
+		
+		
+		domain
+		
+	
+	)<br>
+</div>
+<div id="description">
+
+<h5>Summary</h5>
+<p>
+Inherit file descriptors from the unconfined domain.
+</p>
+
+
+<h5>Parameters</h5>
+<table border="1" cellspacing="0" cellpadding="3" width="80%">
+<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
+
+<tr><td>
+domain
+</td><td>
+
+Domain allowed access.
+
+</td><td>
+No
+</td></tr>
+
+</table>
+</div>
+</div>
+
+
+<a href=#top>Return</a>
+
+
+<a name="templates"></a>
+<h3>Templates: </h3>
+
+<div id="template">
+
+
+<div id="codeblock">
+
+<b>unconfined_domain_template</b>(
+	
+		
+		
+		
+		domain
+		
+	
+	)<br>
+</div>
+<div id="description">
+
+<h5>Summary</h5>
+<p>
+A template to make the specified domain unconfined.
+</p>
+
+
+<h5>Parameters</h5>
+<table border="1" cellspacing="0" cellpadding="3" width="80%">
+<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
+
+<tr><td>
+domain
+</td><td>
+
+Domain to make unconfined.
+
+</td><td>
+No
+</td></tr>
+
+</table>
+</div>
+</div>
+
+
+<a href=#top>Return</a>
+
+
+</div>
+</body>
+</html>

www/api-docs/system_userdomain.html

@@ -100,6 +100,9 @@
 			&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_udev.html'>
 			udev</a><br/>
 		
+			&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_unconfined.html'>
+			unconfined</a><br/>
+		
 			&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_userdomain.html'>
 			userdomain</a><br/>
 		
@@ -123,7 +126,8 @@
 
 <h3>Description:</h3>
 
-<p>Policy for user domains</p>
+<p><p>Policy for user domains</p></p>
+
 
 
 <a name="interfaces"></a>
@@ -671,6 +675,47 @@ No
 <div id="interface">
 
 
+<div id="codeblock">
+
+<b>userdom_unconfined</b>(
+	
+		
+		
+		
+		domain
+		
+	
+	)<br>
+</div>
+<div id="description">
+
+<h5>Summary</h5>
+<p>
+Unconfined access to user domains.
+</p>
+
+
+<h5>Parameters</h5>
+<table border="1" cellspacing="0" cellpadding="3" width="80%">
+<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
+
+<tr><td>
+domain
+</td><td>
+
+Domain allowed access.
+
+</td><td>
+No
+</td></tr>
+
+</table>
+</div>
+</div>
+
+<div id="interface">
+
+
 <div id="codeblock">
 
 <b>userdom_use_all_user_fd</b>(

www/api-docs/templates.html

@@ -169,6 +169,9 @@
 			&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_udev.html'>
 			udev</a><br/>
 		
+			&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_unconfined.html'>
+			unconfined</a><br/>
+		
 			&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_userdomain.html'>
 			userdomain</a><br/>
 		
@@ -471,6 +474,32 @@ The template to define a ssh server.
 
 </div>
 
+<div id="templatesmall">
+Module: <a href='system_unconfined.html'>
+unconfined</a><p/>
+Layer: <a href='system.html'>
+system</a><p/>
+<div id="codeblock">
+
+<b>unconfined_domain_template</b>(
+	
+		
+		
+		
+		domain
+		
+	
+	)<br>
+</div>
+
+<div id="description">
+<p>
+A template to make the specified domain unconfined.
+</p>
+</div>
+
+</div>
+
 <div id="templatesmall">
 Module: <a href='system_userdomain.html'>
 userdomain</a><p/>