# Policy module for the unconfined_t domain, version 1.0.
# Every macro and interface called below is defined outside this file,
# so the comments describe the calls as written and hedge anything that
# depends on an interface body.
policy_module(unconfined,1.0)

########################################
#
# Declarations
#

# real declaration moved to mls until
# range_transition works in loadable modules
# unconfined_t is therefore only required here, not declared.
gen_require(`
	type unconfined_t;
')

# Executable type passed to init_system_domain together with unconfined_t.
# Presumably the entry point type for the domain; confirm against the
# init interface definition.
type unconfined_exec_t;
init_system_domain(unconfined_t,unconfined_exec_t)
# Authorize system_r to be associated with unconfined_t.
role system_r types unconfined_t;

########################################
#
# Local policy
#

# NOTE(review): the access granted to unconfined_t comes from this template,
# whose body is not visible here. Audit the template itself when assessing
# what an unconfined process can do.
unconfined_domain_template(unconfined_t)

logging_send_syslog_msg(unconfined_t)

# Everything below applies only when targeted_policy is defined at build time.
ifdef(`targeted_policy',`
	# compatibility for switching from strict
	# Each listed role dominates system_r.
	dominance { role secadm_r { role system_r; }}
	dominance { role sysadm_r { role system_r; }}
	dominance { role user_r { role system_r; }}
	dominance { role staff_r { role system_r; }}

	# Grants the syslog_read permission of the system class on itself.
	allow unconfined_t self:system syslog_read;
	# NOTE(review): dontaudit suppresses the audit record for a denied
	# sys_module capability check, so such denials from this domain will not
	# show up in the audit log. Whether sys_module is granted elsewhere is not
	# visible in this file; confirm against the template above.
	dontaudit unconfined_t self:capability sys_module;

	# Define some type aliases to help with compatibility with
	# macros and domains from the "strict" policy.
	# NOTE(review): with these aliases any rule written against secadm_t or
	# sysadm_t resolves to unconfined_t under the targeted policy.
	typealias unconfined_t alias { secadm_t sysadm_t };

	# Going by the interface names, the domtrans calls below let programs run
	# from unconfined_t transition into their own domains instead of staying
	# unconfined. Verify each one against its interface definition.
	files_create_boot_flag(unconfined_t)

	init_domtrans_script(unconfined_t)

	libs_domtrans_ldconfig(unconfined_t)

	logging_domtrans_auditctl(unconfined_t)

	seutil_domtrans_restorecon(unconfined_t)

	userdom_unconfined(unconfined_t)
	userdom_priveleged_home_dir_manager(unconfined_t)

	# Each optional_policy block names a policy file in its first argument.
	# Presumably the block only takes effect when that policy is part of the
	# build; confirm against the optional_policy macro definition.
	optional_policy(`amanda.te',`
		amanda_domtrans_recover(unconfined_t)
	')

	optional_policy(`apache.te',`
		apache_domtrans_helper(unconfined_t)
	')

	optional_policy(`bind.te',`
		bind_domtrans_ndc(unconfined_t)
	')

	optional_policy(`bluetooth.te',`
		bluetooth_domtrans_helper(unconfined_t)
	')

	optional_policy(`dmidecode.te',`
		dmidecode_domtrans(unconfined_t)
	')

	optional_policy(`firstboot.te',`
		firstboot_domtrans(unconfined_t)
	')

	optional_policy(`lpd.te',`
		lpd_domtrans_checkpc(unconfined_t)
	')

	optional_policy(`modutils.te',`
		modutils_domtrans_depmod(unconfined_t)
		modutils_domtrans_insmod(unconfined_t)
		modutils_domtrans_update_mods(unconfined_t)
	')

	optional_policy(`netutils.te',`
		netutils_domtrans(unconfined_t)
		netutils_domtrans_ping(unconfined_t)
		netutils_domtrans_traceroute(unconfined_t)
	')

	optional_policy(`portmap.te',`
		portmap_domtrans_helper(unconfined_t)
	')

	optional_policy(`postfix.te',`
		postfix_domtrans_map(unconfined_t)
	')

	optional_policy(`rpm.te',`
		rpm_domtrans(unconfined_t)
	')

	optional_policy(`samba.te',`
		samba_domtrans_net(unconfined_t)
		samba_domtrans_winbind_helper(unconfined_t)
	')

	# Instantiates the su template with the sysadm prefix for unconfined_t
	# running in system_r.
	optional_policy(`su.te',`
		su_per_userdomain_template(sysadm,unconfined_t,system_r)
	')

	optional_policy(`usermanage.te',`
		usermanage_domtrans_admin_passwd(unconfined_t)
	')

	optional_policy(`webalizer.te',`
		webalizer_domtrans(unconfined_t)
	')

	# Guarded by TODO and use_mcs, so the rule is inert unless both are defined.
	# sysadm_su_t is presumably created by the su template call above; confirm
	# before enabling.
	ifdef(`TODO',`
	ifdef(`use_mcs',`
	rw_dir_create_file(sysadm_su_t, home_dir_type)
	')
	') dnl end TODO

	# FIXME: typeattribute unconfined_t direct_run_init;
')