selinux-policy/refpolicy/policy/modules/system/unconfined.te

policy_module(unconfined,1.0)

########################################
#
# Declarations
#

type unconfined_t;
type unconfined_exec_t;
init_system_domain(unconfined_t,unconfined_exec_t)
role system_r types unconfined_t;

########################################
#
# Local policy
#

unconfined_domain_template(unconfined_t)

logging_send_syslog_msg(unconfined_t)

#role sysadm_r types unconfined_t;
#domain_auto_trans(sysadm_t, unconfined_exec_t, unconfined_t)

ifdef(`targeted_policy',`
	allow unconfined_t self:system syslog_read;

	# Define some type aliases to help with compatibility with
	# macros and domains from the "strict" policy.
#	typealias unconfined_t alias { logrotate_t sendmail_t sshd_t secadm_t sysadm_t rpm_t rpm_script_t xdm_t };

	init_domtrans_script(unconfined_t)

	userdom_unconfined(unconfined_t)

	ifdef(`TODO',`
	#cjp: why is this needed?
	ifdef(`samba.te', `samba_domain(user)')
	') dnl end TODO
')