1 files changed, 21 insertions, 0 deletions

diff --git a/policy/modules/system/unconfined.fc b/policy/modules/system/unconfined.fc
new file mode 100644
index 00000000..4902c116
--- /dev/null
+++ b/policy/modules/system/unconfined.fc
@@ -0,0 +1,21 @@
+# Add programs here which should not be confined by SELinux
+# e.g.:
+# /usr/local/bin/appsrv		--	gen_context(system_u:object_r:unconfined_exec_t,s0)
+# For the time being until someone writes a sane policy, we need initrc to transition to unconfined_t
+/usr/bin/valgrind 		--	gen_context(system_u:object_r:unconfined_execmem_exec_t,s0)
+/usr/bin/vncserver		--	gen_context(system_u:object_r:unconfined_exec_t,s0)
+
+/usr/lib/ia32el/ia32x_loader 	--	gen_context(system_u:object_r:unconfined_execmem_exec_t,s0)
+/usr/lib/openoffice\.org.*/program/.+\.bin -- gen_context(system_u:object_r:unconfined_execmem_exec_t,s0)
+
+/usr/local/RealPlayer/realplay\.bin --	gen_context(system_u:object_r:unconfined_execmem_exec_t,s0)
+
+ifdef(`distro_debian',`
+/usr/bin/gcj-dbtool-4\.1	--	gen_context(system_u:object_r:unconfined_execmem_exec_t,s0)
+/usr/bin/gij-4\.1		--	gen_context(system_u:object_r:unconfined_execmem_exec_t,s0)
+/usr/lib/openoffice/program/soffice\.bin -- gen_context(system_u:object_r:unconfined_execmem_exec_t,s0)
+')
+
+ifdef(`distro_gentoo',`
+/usr/lib32/openoffice/program/[^/]+\.bin -- gen_context(system_u:object_r:unconfined_execmem_exec_t,s0)
+')