On 11/07/2016 10:11 AM, mm19827 wrote: > > > On 11/07/2016 04:01 PM, Stephen Smalley wrote: >> >> I suppose that's true, depending on what it is that you have to allow >> between foo_t and bar_t, e.g. you can allow foo_t to connect to a bar_t >> socket or similar without allowing it to connect to unconfined_t >> sockets. > Exactly. > > If you truly want bar_t to be unconfined, you can always just >> have it call the unconfined_domain() interface in refpolicy, e.g. >> unconfined_domain(bar_t), and it will inherit all of the unconfined >> domain rules. >> > Thanks for the info. > It would be great (and this would be my last question), if you could > give a pointer to a complete documentation of refpolicy macros and > interfaces - I could find the kernel rules, and that it makes use of m4 > macros, but not a complete documentation. http://oss.tresys.com/docs/refpolicy/api/ It is generated from the refpolicy sources. refpolicy mailing list is a better place to ask questions about refpolicy, see http://oss.tresys.com/mailman/listinfo/refpolicy _______________________________________________ Selinux mailing list Selinux@xxxxxxxxxxxxx To unsubscribe, send email to Selinux-leave@xxxxxxxxxxxxx. To get help, send an email containing "help" to Selinux-request@xxxxxxxxxxxxx.
