Now the module is like the following:

module who 1.0;

require {
    attribute domain;
    class file getattr;
    class file execute;
    class file entrypoint;
    attribute file_type;
    attribute exec_type;
    type unconfined_t;
    class process transition;
    role unconfined_r;
}

type who_t;
typeattribute who_t domain;
type who_exec_t;
typeattribute who_exec_t file_type;
typeattribute who_exec_t exec_type;
role unconfined_r types who_t;
type_transition unconfined_t who_exec_t:process who_t;
allow unconfined_t who_exec_t : file *;
allow unconfined_t who_t:process transition;
allow who_t who_exec_t: file entrypoint;
domain_auto_trans (sysadm_t, who_exec_t, who_t)

--
selinux mailing list
selinux@xxxxxxxxxxxxxxxxxxxxxxx
http://lists.fedoraproject.org/admin/lists/selinux@xxxxxxxxxxxxxxxxxxxxxxx