[selinux-policy: 1540/3172] add 3rd party interface for transition out of unconfined

Daniel J Walsh dwalsh at fedoraproject.org
Thu Oct 7 21:18:21 UTC 2010


commit 85311bfffc6a43696450a0f10701c6760fb2308b
Author: Chris PeBenito <cpebenito at tresys.com>
Date:   Mon Jul 10 13:31:28 2006 +0000

    add 3rd party interface for transition out of unconfined

 refpolicy/policy/modules/system/unconfined.if |   38 +++++++++++++++++++++++++
 1 files changed, 38 insertions(+), 0 deletions(-)
---
diff --git a/refpolicy/policy/modules/system/unconfined.if b/refpolicy/policy/modules/system/unconfined.if
index f72a25f..e2f4bc5 100644
--- a/refpolicy/policy/modules/system/unconfined.if
+++ b/refpolicy/policy/modules/system/unconfined.if
@@ -186,6 +186,44 @@ interface(`unconfined_shell_domtrans',`
 
 ########################################
 ## <summary>
+##	Allow unconfined to execute the specified program in
+##	the specified domain.
+## </summary>
+## <desc>
+##	<p>
+##	Allow unconfined to execute the specified program in
+##	the specified domain.
+##	</p>
+##	<p>
+##	This is a interface to support third party modules
+##	and its use is not allowed in upstream reference
+##	policy.
+##	</p>
+## </desc>
+## <param name="domain">
+##	<summary>
+##	Domain to execute in.
+##	</summary>
+## </param>
+## <param name="entry_file">
+##	<summary>
+##	Domain entry point file.
+##	</summary>
+## </param>
+#
+interface(`unconfined_domtrans_to',`
+	gen_require(`
+		type unconfined_t;
+	')
+
+	domain_auto_trans(unconfined_t,$2,$1)
+	allow $1 unconfined_t:fd use;
+	allow $1 unconfined_t:fifo_file rw_file_perms;
+	allow $1 unconfined_t:process sigchld;
+')
+
+########################################
+## <summary>
 ##	Inherit file descriptors from the unconfined domain.
 ## </summary>
 ## <param name="domain">
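
Review bot: The `<desc>` block for `unconfined_domtrans_to` repeats the summary word for word in its first paragraph and never states that the transition is automatic, which is what `domain_auto_trans(unconfined_t,$2,$1)` sets up. I would replace that paragraph with one that says every execution of the entry file from `unconfined_t` ends up in the target domain, and that the target is also granted `fd use`, `fifo_file rw_file_perms` and `process sigchld` on `unconfined_t`, so a third-party module author can see the full set of rules they are pulling in. The second paragraph should read "This is an interface", and since the restriction on upstream use exists only in this comment, it is worth saying in the commit message how it is expected to be checked. The parameter order here is (domain, entry_file) while the macro call takes the entry file before the target, so a short usage line in the description would help callers avoid swapping the arguments.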