[selinux-policy: 2444/3172] Improve the documentation of unconfined_domain().
Daniel J Walsh
dwalsh at fedoraproject.org
Thu Oct 7 22:37:00 UTC 2010
commit 14e543cb1caa3bcd785443989a805e53c31f6e05
Author: Chris PeBenito <cpebenito at tresys.com>
Date: Fri Feb 26 13:47:17 2010 -0500
Improve the documentation of unconfined_domain().
policy/modules/system/unconfined.if | 20 +++++++++++++-------
1 files changed, 13 insertions(+), 7 deletions(-)
---
diff --git a/policy/modules/system/unconfined.if b/policy/modules/system/unconfined.if
index 5533ca1..c11cb30 100644
--- a/policy/modules/system/unconfined.if
+++ b/policy/modules/system/unconfined.if
@@ -101,9 +101,20 @@ interface(`unconfined_domain_noaudit',`
########################################
## <summary>
## Make the specified domain unconfined and
-## audit executable memory and executable heap
-## usage.
+## audit executable heap usage.
## </summary>
+## <desc>
+## <p>
+## Make the specified domain unconfined and
+## audit executable heap usage. With exception
+## of memory protections, usage of this interface
+## will result in the level of access the domain has
+## is like SELinux was not being used.
+## </p>
+## <p>
+## Only completely trusted domains should use this interface.
+## </p>
+## </desc>
## <param name="domain">
## <summary>
## Domain to make unconfined.
@@ -116,11 +127,6 @@ interface(`unconfined_domain',`
tunable_policy(`allow_execheap',`
auditallow $1 self:process execheap;
')
-
-# Turn off this audit for FC5
-# tunable_policy(`allow_execmem',`
-# auditallow $1 self:process execmem;
-# ')
')
########################################
More information about the scm-commits
mailing list