#DESC Unconfined - Use to essentially disable SELinux for a particular program
# This domain will be useful as a workaround for e.g. third-party daemon software
# that has no policy, until one can be written for it.
#
# To use, label the executable with unconfined_exec_t, e.g.:
# chcon -t unconfined_exec_t /usr/local/bin/appsrv
# Or alternatively add it to /etc/security/selinux/src/policy/file_contexts/program/unconfined.fc

type unconfined_t, domain, privlog, admin, privmem, fs_domain, auth_write;
type unconfined_exec_t, file_type, sysadmfile, exec_type;
role sysadm_r types unconfined_t;
domain_auto_trans(sysadm_t, unconfined_exec_t, unconfined_t)
role system_r types unconfined_t;
domain_auto_trans(initrc_t, unconfined_exec_t, unconfined_t)
unconfined_domain(unconfined_t)