selinux-refpolicy/policy/modules/system/unconfined.fc
bauen1 77f891c7bf
Remove the ada module, it is unecessary and not touched since ~2008
It is only used to allow the compiler execmem / execstack but we have
unconfined_execmem_t for that.

Signed-off-by: bauen1 <j2468h@gmail.com>
2020-06-15 14:47:14 +02:00

27 lines
1.3 KiB
Plaintext

# Add programs here which should not be confined by SELinux
# e.g.:
# /usr/local/bin/appsrv -- gen_context(system_u:object_r:unconfined_exec_t,s0)
# For the time being until someone writes a sane policy, we need initrc to transition to unconfined_t
/usr/bin/gnatbind -- gen_context(system_u:object_r:unconfined_execmem_exec_t,s0)
/usr/bin/gnatls -- gen_context(system_u:object_r:unconfined_execmem_exec_t,s0)
/usr/bin/gnatmake -- gen_context(system_u:object_r:unconfined_execmem_exec_t,s0)
/usr/bin/valgrind -- gen_context(system_u:object_r:unconfined_execmem_exec_t,s0)
/usr/bin/vncserver -- gen_context(system_u:object_r:unconfined_exec_t,s0)
/usr/lib/ia32el/ia32x_loader -- gen_context(system_u:object_r:unconfined_execmem_exec_t,s0)
/usr/libexec/gcc(/.*)?/gnat1 -- gen_context(system_u:object_r:unconfined_execmem_exec_t,s0)
/usr/local/RealPlayer/realplay\.bin -- gen_context(system_u:object_r:unconfined_execmem_exec_t,s0)
ifdef(`distro_debian',`
/usr/bin/gcj-dbtool-4\.1 -- gen_context(system_u:object_r:unconfined_execmem_exec_t,s0)
/usr/bin/gij-4\.1 -- gen_context(system_u:object_r:unconfined_execmem_exec_t,s0)
/usr/lib/openoffice/program/soffice\.bin -- gen_context(system_u:object_r:unconfined_execmem_exec_t,s0)
')
ifdef(`distro_gentoo',`
/usr/lib/openoffice/program/[^/]+\.bin -- gen_context(system_u:object_r:unconfined_execmem_exec_t,s0)
')