unconfined: add a note about DBUS

Addresses https://github.com/SELinuxProject/refpolicy/issues/18 Signed-off-by: Jason Zaman <jason@perfinion.com>
author: Dominick Grift <dac.override@gmail.com> 2019-01-14 17:02:56 +0100
committer: Jason Zaman <jason@perfinion.com> 2019-02-10 12:11:25 +0800
commit: 225c4ac0012abcfff023e67b10fe4c31fa3a050a (patch)
tree: c6213f61df0134389ae387be19f14ca2db8170dd /policy/modules
parent: selinuxutil: allow restorecond to read symlinks (diff)
download: hardened-refpolicy-225c4ac0012abcfff023e67b10fe4c31fa3a050a.tar.gz
hardened-refpolicy-225c4ac0012abcfff023e67b10fe4c31fa3a050a.tar.bz2
hardened-refpolicy-225c4ac0012abcfff023e67b10fe4c31fa3a050a.zip
1 files changed, 5 insertions, 0 deletions
diff --git a/policy/modules/system/unconfined.if b/policy/modules/system/unconfined.if
index 565e7129e..ad34a91c8 100644
--- a/policy/modules/system/unconfined.if
+++ b/policy/modules/system/unconfined.if
@@ -118,6 +118,11 @@ interface(`unconfined_domain_noaudit',`
 ##	<p>
 ##	Only completely trusted domains should use this interface.
 ##	</p>
+##	<p>
+##	Does not allow return communications from confined
+##	domains via message based mechanisms such as dbus or
+##	SysV message queues.
+##	</p>
 ## </desc>
 ## <param name="domain">
 ##	<summary>
author	Dominick Grift <dac.override@gmail.com>	2019-01-14 17:02:56 +0100
committer	Jason Zaman <jason@perfinion.com>	2019-02-10 12:11:25 +0800
commit	225c4ac0012abcfff023e67b10fe4c31fa3a050a (patch)
tree	c6213f61df0134389ae387be19f14ca2db8170dd /policy/modules
parent	selinuxutil: allow restorecond to read symlinks (diff)
download	hardened-refpolicy-225c4ac0012abcfff023e67b10fe4c31fa3a050a.tar.gz hardened-refpolicy-225c4ac0012abcfff023e67b10fe4c31fa3a050a.tar.bz2 hardened-refpolicy-225c4ac0012abcfff023e67b10fe4c31fa3a050a.zip