diff --git a/modules-mls.conf b/modules-mls.conf index 5525889d..89fc9e71 100644 --- a/modules-mls.conf +++ b/modules-mls.conf @@ -11,95 +11,6 @@ # as individual loadable modules. # -# Layer: kernel -# Module: terminal -# Required in base -# -# Policy for terminals. -# -terminal = base - -# Layer: kernel -# Module: kernel -# Required in base -# -# Policy for kernel threads, proc filesystem,and unlabeled processes and objects. -# -kernel = base - -# Layer: kernel -# Module: filesystem -# Required in base -# -# Policy for filesystems. -# -filesystem = base - -# Layer: kernel -# Module: devices -# Required in base -# -# Device nodes and interfaces for many basic system devices. -# -devices = base - -# Layer: kernel -# Module: corenetwork -# Required in base -# -# Policy controlling access to network objects -# -corenetwork = base - -# Layer: kernel -# Module: mls -# Required in base -# -# Multilevel security policy -# -mls = base - -# Layer: kernel -# Module: mcs -# Required in base -# -# MultiCategory security policy -# -mcs = base - -# Layer: kernel -# Module: selinux -# Required in base -# -# Policy for kernel security interface, in particular, selinuxfs. -# -selinux = base - -# Layer: kernel -# Module: files -# Required in base -# -# Basic filesystem types and interfaces. -# -files = base - -# Layer: kernel -# Module: domain -# Required in base -# -# Core policy for domains. -# -domain = base - -# Layer: kernel -# Module: corecommands -# Required in base -# -# Core policy for shells, and generic programs -# in /bin, /sbin, /usr/bin, and /usr/sbin. -# -corecommands = base - # Layer: admin # Module: acct # @@ -108,81 +19,25 @@ corecommands = base acct = base # Layer: admin -# Module: usermanage -# -# Policy for managing user accounts. -# -usermanage = base - -# Layer: admin -# Module: rpm -# -# Policy for the RPM package manager. -# -rpm = base - -# Layer: admin -# Module: readahead -# -# Readahead, read files into page cache for improved performance -# -readahead = base - -# Layer: apps # Module: alsa # -# alsa - Configure sound +# Ainit ALSA configuration tool # alsa = base -# Layer: admin -# Module: kudzu +# Layer: apps +# Module: ada # -# Hardware detection and configuration tools +# ada executable # -kudzu = base +ada = module -# Layer: admin -# Module: updfstab +# Layer: modules +# Module: awstats # -# Red Hat utility to change /etc/fstab. +# awstats executable # -updfstab = base - -# Layer: admin -# Module: netutils -# -# Network analysis utilities -# -netutils = base - -# Layer: admin -# Module: vpn -# -# Virtual Private Networking client -# -vpn = module - -# Layer: admin -# Module: su -# -# Run shells with substitute user and group -# -su = base - -# Layer: admin -# Module: dmesg -# -# Policy for dmesg. -# -dmesg = base - -# Layer: admin -# Module: anaconda -# -# Policy for the Anaconda installer. -# -anaconda = base +awstats = module # Layer: admin # Module: amanda @@ -191,470 +46,26 @@ anaconda = base # amanda = module -# Layer: admin -# Module: logrotate +# Layer: services +# Module: afs # -# Rotate and archive system logs +# Andrew Filesystem server # -logrotate = base +afs = module + +# Layer: services +# Module: amavis +# +# Anti-virus +# +amavis = module # Layer: admin -# Module: quota +# Module: anaconda # -# File system quota management +# Policy for the Anaconda installer. # -quota = base - -# Layer: admin -# Module: consoletype -# -# Determine of the console connected to the controlling terminal. -# -consoletype = base - -# Layer: admin -# Module: sudo -# -# Execute a command with a substitute user -# -sudo = base - -# Layer: admin -# Module: firstboot -# -# Final system configuration run during the first boot -# after installation of Red Hat/Fedora systems. -# -firstboot = base - -# Layer: admin -# Module: certwatch -# -# Digital Certificate Tracking -# -certwatch = module - -# Layer: admin -# Module: tmpreaper -# -# Manage temporary directory sizes and file ages -# -tmpreaper = module - -# Layer: admin -# Module: dmidecode -# -# Decode DMI data for x86/ia64 bioses. -# -dmidecode = base - -# Layer: apps -# Module: gpg -# -# Policy for GNU Privacy Guard and related programs. -# -gpg = module - -# Layer: apps -# Module: loadkeys -# -# Load keyboard mappings. -# -loadkeys = base - -# Layer: apps -# Module: webalizer -# -# Web server log analysis -# -webalizer = module - -# Layer: kernel -# Module: bootloader -# -# Policy for the kernel modules, kernel image, and bootloader. -# -bootloader = base - -# Layer: kernel -# Module: storage -# -# Policy controlling access to storage devices -# -storage = base - -# Layer: services -# Module: nis -# -# Policy for NIS (YP) servers and clients -# -nis = module - -# Layer: services -# Module: distcc -# -# Distributed compiler daemon -# -distcc = off - -# Layer: services -# Module: rshd -# -# Remote shell service. -# -rshd = module - -# Layer: services -# Module: cpucontrol -# -# Services for loading CPU microcode and CPU frequency scaling. -# -cpucontrol = base - -# Layer: services -# Module: vbetool -# -# run real-mode video BIOS code to alter hardware state -# -vbetool = base - -# Layer: services -# Module: bind -# -# Berkeley internet name domain DNS server. -# -bind = module - -# Layer: services -# Module: canna -# -# Canna - kana-kanji conversion server -# -canna = module - -# Layer: services -# Module: uucp -# -# Unix to Unix Copy -# -uucp = module - -# Layer: services -# Module: sasl -# -# SASL authentication server -# -sasl = module - -# Layer: services -# Module: pegasus -# -# The Open Group Pegasus CIM/WBEM Server. -# -pegasus = module - -# Layer: services -# Module: cron -# -# Periodic execution of scheduled commands. -# -cron = base - -# Layer: services -# Module: sendmail -# -# Policy for sendmail. -# -sendmail = base - -# Layer: services -# Module: samba -# -# SMB and CIFS client/server programs for UNIX and -# name Service Switch daemon for resolving names -# from Windows NT servers. -# -samba = module - -# Layer: services -# Module: dbus -# -# Desktop messaging bus -# -dbus = base - -# Layer: services -# Module: howl -# -# Port of Apple Rendezvous multicast DNS -# -howl = module - -# Layer: services -# Module: postgresql -# -# PostgreSQL relational database -# -postgresql = module - -# Layer: services -# Module: snmp -# -# Simple network management protocol services -# -snmp = module - -# Layer: services -# Module: remotelogin -# -# Policy for rshd, rlogind, and telnetd. -# -remotelogin = module - -# Layer: services -# Module: telnet -# -# Telnet daemon -# -telnet = module - -# Layer: services -# Module: irqbalance -# -# IRQ balancing daemon -# -irqbalance = base - -# Layer: services -# Module: mailman -# -# Mailman is for managing electronic mail discussion and e-newsletter lists -# -mailman = module - -# Layer: services -# Module: dbskk -# -# Dictionary server for the SKK Japanese input method system. -# -dbskk = module - -# Layer: services -# Module: ldap -# -# OpenLDAP directory server -# -ldap = module - -# Layer: services -# Module: tftp -# -# Trivial file transfer protocol daemon -# -tftp = module - -# Layer: services -# Module: portmap -# -# RPC port mapping service. -# -portmap = module - -# Layer: services -# Module: arpwatch -# -# Ethernet activity monitor. -# -arpwatch = module - -# Layer: services -# Module: dovecot -# -# Dovecot POP and IMAP mail server -# -dovecot = module - -# Layer: services -# Module: cups -# -# Common UNIX printing system -# -cups = module - -# Layer: services -# Module: networkmanager -# -# Manager for dynamically switching between networks. -# -networkmanager = base - -# Layer: services -# Module: inn -# -# Internet News NNTP server -# -inn = module - -# Layer: services -# Module: sysstat -# -# Policy for sysstat. Reports on various system states -# -sysstat = module - -# Layer: services -# Module: comsat -# -# Comsat, a biff server. -# -comsat = module - -# Layer: services -# Module: squid -# -# Squid caching http proxy server -# -squid = module - -# Layer: services -# Module: zebra -# -# Zebra border gateway protocol network routing service -# -zebra = module - -# Layer: services -# Module: xfs -# -# X Windows Font Server -# -xfs = off - -# Layer: services -# Module: ktalk -# -# KDE Talk daemon -# -ktalk = module - -# Layer: services -# Module: procmail -# -# Procmail mail delivery agent -# -procmail = module - -# Layer: services -# Module: lpd -# -# Line printer daemon -# -lpd = module - -# Layer: services -# Module: cyrus -# -# Cyrus is an IMAP service intended to be run on sealed servers -# -cyrus = module - -# Layer: services -# Module: rdisc -# -# Network router discovery daemon -# -rdisc = module - -# Layer: services -# Module: xserver -# -# X windows login display manager -# -xserver = base - -# Layer: services -# Module: nscd -# -# Name service cache daemon -# -nscd = base - -# Layer: services -# Module: ppp -# -# Point to Point Protocol daemon creates links in ppp networks -# -ppp = module - -# Layer: services -# Module: ftp -# -# File transfer protocol service -# -ftp = module - -# Layer: services -# Module: gpm -# -# General Purpose Mouse driver -# -gpm = module - -# Layer: services -# Module: mta -# -# Policy common to all email tranfer agents. -# -mta = base - -# Layer: services -# Module: postfix -# -# Postfix email server -# -postfix = module - -# Layer: services -# Module: fetchmail -# -# Remote-mail retrieval and forwarding utility -# -fetchmail = module - -# Layer: services -# Module: ntp -# -# Network time protocol daemon -# -ntp = module - -# Layer: services -# Module: bluetooth -# -# Bluetooth tools and system services. -# -bluetooth = module - -# Layer: services -# Module: hal -# -# Hardware abstraction layer -# -hal = base - -# Layer: services -# Module: avahi -# -# mDNS/DNS-SD daemon implementing Apple ZeroConf architecture -# -avahi = module - -# Layer: services -# Module: rpc -# -# Remote Procedure Call Daemon for managment of network based process communication -# -rpc = base +anaconda = base # Layer: services # Module: apache @@ -663,90 +74,6 @@ rpc = base # apache = module -# Layer: services -# Module: rsync -# -# Fast incremental file transfer for synchronization -# -rsync = module - -# Layer: services -# Module: automount -# -# Filesystem automounter service. -# -automount = module - -# Layer: services -# Module: kerberos -# -# MIT Kerberos admin and KDC -# -kerberos = module - -# Layer: services -# Module: dhcp -# -# Dynamic host configuration protocol (DHCP) server -# -dhcp = module - -# Layer: services -# Module: ssh -# -# Secure shell client and server policy. -# -ssh = base - -# Layer: services -# Module: inetd -# -# Internet services daemon. -# -inetd = base - -# Layer: services -# Module: mysql -# -# Policy for MySQL -# -mysql = module - -# Layer: services -# Module: dictd -# -# Dictionary daemon -# -dictd = module - -# Layer: services -# Module: finger -# -# Finger user information service. -# -finger = module - -# Layer: services -# Module: radius -# -# RADIUS authentication and accounting server. -# -radius = module - -# Layer: services -# Module: spamassassin -# -# Filter used for removing unsolicited email. -# -spamassassin = module - -# Layer: services -# Module: radvd -# -# IPv6 router advertisement daemon -# -radvd = module - # Layer: services # Module: apm # @@ -763,25 +90,199 @@ apm = base application = base # Layer: services -# Module: tcpd +# Module: arpwatch # -# Policy for TCP daemon. +# Ethernet activity monitor. # -tcpd = module +arpwatch = module # Layer: services -# Module: stunnel +# Module: audioentropy # -# SSL Tunneling Proxy +# Generate entropy from audio input # -stunnel = module +audioentropy = module + +# Layer: system +# Module: authlogin +# +# Common policy for authentication and user login. +# +authlogin = base # Layer: services -# Module: privoxy +# Module: automount # -# Privacy enhancing web proxy. +# Filesystem automounter service. # -privoxy = module +automount = module + +# Layer: services +# Module: avahi +# +# mDNS/DNS-SD daemon implementing Apple ZeroConf architecture +# +avahi = module + +# Layer: services +# Module: bind +# +# Berkeley internet name domain DNS server. +# +bind = module + +# Layer: services +# Module: dnsmasq +# +# A lightweight DHCP and caching DNS server. +# +dnsmasq = module + +# Layer: services +# Module: bluetooth +# +# Bluetooth tools and system services. +# +bluetooth = module + +# Layer: kernel +# Module: ubac +# +# +# +ubac = base + +# +# Layer: kernel +# Module: bootloader +# +# Policy for the kernel modules, kernel image, and bootloader. +# +bootloader = base + + +# Layer: services +# Module: canna +# +# Canna - kana-kanji conversion server +# +canna = module + +# Layer: services +# Module: ccs +# +# policy for ccs +# +ccs = module + +# Layer: apps +# Module: calamaris +# +# +# Squid log analysis +# +calamaris = module + +# Layer: apps +# Module: cdrecord +# +# Policy for cdrecord +# +cdrecord = module + +# Layer: admin +# Module: certwatch +# +# Digital Certificate Tracking +# +certwatch = module + +# Layer: admin +# Module: certmaster +# +# Digital Certificate master +# +certmaster = module + +# Layer: services +# Module: cipe +# +# Encrypted tunnel daemon +# +cipe = module + +# Layer: services +# Module: comsat +# +# Comsat, a biff server. +# +comsat = module + +# Layer: services +# Module: clamav +# +# ClamAV Virus Scanner +# +clamav = module + +# Layer: system +# Module: clock +# +# Policy for reading and setting the hardware clock. +# +clock = base + +# Layer: services +# Module: consolekit +# +# ConsoleKit is a system daemon for tracking what users are logged +# +consolekit = module + +# Layer: admin +# Module: consoletype +# +# Determine of the console connected to the controlling terminal. +# +consoletype = base + +# Layer: kernel +# Module: corecommands +# Required in base +# +# Core policy for shells, and generic programs +# in /bin, /sbin, /usr/bin, and /usr/sbin. +# +corecommands = base + +# Layer: kernel +# Module: corenetwork +# Required in base +# +# Policy controlling access to network objects +# +corenetwork = base + +# Layer: services +# Module: cpucontrol +# +# Services for loading CPU microcode and CPU frequency scaling. +# +cpucontrol = base + +# Layer: services +# Module: cron +# +# Periodic execution of scheduled commands. +# +cron = base + +# Layer: services +# Module: cups +# +# Common UNIX printing system +# +cups = module # Layer: services # Module: cvs @@ -791,19 +292,177 @@ privoxy = module cvs = module # Layer: services -# Module: rlogin +# Module: cyphesis # -# Remote login daemon +# cyphesis game server # -rlogin = module +cyphesis = module + +# Layer: services +# Module: cyrus +# +# Cyrus is an IMAP service intended to be run on sealed servers +# +cyrus = module # Layer: system -# Module: application +# Module: daemontools +# +# Collection of tools for managing UNIX services +# +daemontools = module + +# Layer: services +# Module: dbskk +# +# Dictionary server for the SKK Japanese input method system. +# +dbskk = module + +# Layer: services +# Module: dbus +# +# Desktop messaging bus +# +dbus = base + +# Layer: services +# Module: dcc +# +# A distributed, collaborative, spam detection and filtering network. +# +dcc = module + +# Layer: admin +# Module: ddcprobe +# +# ddcprobe retrieves monitor and graphics card information +# +ddcprobe = off + +# Layer: kernel +# Module: devices # Required in base # -# Defines attributs and interfaces for all user applications +# Device nodes and interfaces for many basic system devices. # -application = base +devices = base + +# Layer: services +# Module: dhcp +# +# Dynamic host configuration protocol (DHCP) server +# +dhcp = module + +# Layer: services +# Module: dictd +# +# Dictionary daemon +# +dictd = module + +# Layer: services +# Module: distcc +# +# Distributed compiler daemon +# +distcc = off + +# Layer: admin +# Module: dmesg +# +# Policy for dmesg. +# +dmesg = base + +# Layer: admin +# Module: dmidecode +# +# Decode DMI data for x86/ia64 bioses. +# +dmidecode = base + +# Layer: system +# Module: domain +# Required in base +# +# Core policy for domains. +# +domain = base + +# Layer: services +# Module: dovecot +# +# Dovecot POP and IMAP mail server +# +dovecot = module + +# Layer: apps +# Module: gpg +# +# Policy for GNU Privacy Guard and related programs. +# +gpg = off + +# Layer: services +# Module: gpm +# +# General Purpose Mouse driver +# +gpm = module + +# Layer: apps +# Module: ethereal +# +# Ethereal packet capture tool. +# +ethereal = module + +# Layer: services +# Module: fail2ban +# +# daiemon that bans IP that makes too many password failures +# +fail2ban = module + +# Layer: services +# Module: fetchmail +# +# Remote-mail retrieval and forwarding utility +# +fetchmail = module + +# Layer: kernel +# Module: files +# Required in base +# +# Basic filesystem types and interfaces. +# +files = base + +# Layer: kernel +# Module: filesystem +# Required in base +# +# Policy for filesystems. +# +filesystem = base + +# Layer: services +# Module: finger +# +# Finger user information service. +# +finger = module + +# Layer: admin +# Module: firstboot +# +# Final system configuration run during the first boot +# after installation of Red Hat/Fedora systems. +# +firstboot = base # Layer: system # Module: fstools @@ -812,19 +471,19 @@ application = base # fstools = base -# Layer: system -# Module: logging +# Layer: services +# Module: ftp # -# Policy for the kernel message logger and system logging daemon. +# File transfer protocol service # -logging = base +ftp = module -# Layer: system -# Module: hostname +# Layer: apps +# Module: games # -# Policy for changing the system host name. +# The Open Group Pegasus CIM/WBEM Server. # -hostname = base +games = module # Layer: system # Module: getty @@ -833,82 +492,41 @@ hostname = base # getty = base -# Layer: system -# Module: lvm +# Layer: apps +# Module: gnome # -# Policy for logical volume management programs. +# gnome session and gconf # -lvm = base +gnome = module + +# Layer: services +# Module: gnomeclock +# +# gnomeclock used by dbus/polkit to set time +# +gnomeclock = module + +# Layer: services +# Module: hal +# +# Hardware abstraction layer +# +hal = module + +# Layer: services +# Module: polkit +# +# Hardware abstraction layer +# +polkit = module # Layer: system -# Module: sysnetwork +# Module: hostname # -# Policy for network configuration: ifconfig and dhcp client. +# Policy for changing the system host name. # -sysnetwork = base +hostname = base -# Layer: system -# Module: init -# -# System initialization programs (init and init scripts). -# -init = base - -# Layer: system -# Module: selinuxutil -# -# Policy for SELinux policy and userland applications. -# -selinuxutil = base - -# Layer: system -# Module: udev -# -# Policy for udev. -# -udev = base - -# Layer: system -# Module: pcmcia -# -# PCMCIA card management services -# -pcmcia = base - -# Layer: system -# Module: authlogin -# -# Common policy for authentication and user login. -# -authlogin = base - -# Layer: system -# Module: libraries -# -# Policy for system libraries. -# -libraries = base - -# Layer: system -# Module: raid -# -# RAID array management tools -# -raid = base - -# Layer: system -# Module: userdomain -# -# Policy for user domains -# -userdomain = base - -# Layer: system -# Module: modutils -# -# Policy for kernel module utilities -# -modutils = base # Layer: system # Module: hotplug @@ -918,19 +536,33 @@ modutils = base # hotplug = base -# Layer: system -# Module: clock +# Layer: services +# Module: howl # -# Policy for reading and setting the hardware clock. +# Port of Apple Rendezvous multicast DNS # -clock = base +howl = module + +# Layer: services +# Module: inetd +# +# Internet services daemon. +# +inetd = base # Layer: system -# Module: locallogin +# Module: init # -# Policy for local logins. +# System initialization programs (init and init scripts). # -locallogin = base +init = base + +# Layer: services +# Module: inn +# +# Internet News NNTP server +# +inn = module # Layer: system # Module: iptables @@ -939,27 +571,6 @@ locallogin = base # iptables = base -# Layer: system -# Module: mount -# -# Policy for mount. -# -mount = base - -# Layer: system -# Module: unconfined -# -# The unconfined domain. -# -unconfined = off - -# Layer: system -# Module: miscfiles -# -# Miscelaneous files. -# -miscfiles = base - # Layer: system # Module: ipsec # @@ -967,6 +578,42 @@ miscfiles = base # ipsec = module +# Layer: apps +# Module: irc +# +# IRC client policy +# +irc = module + +# Layer: services +# Module: irqbalance +# +# IRQ balancing daemon +# +irqbalance = base + +# Layer: system +# Module: iscsi +# +# Open-iSCSI daemon +# +iscsi = module + +# Layer: services +# Module: i18n_input +# +# IIIMF htt server +# +i18n_input = off + + +# Layer: services +# Module: jabber +# +# Jabber instant messaging server +# +jabber = module + # Layer: apps # Module: java # @@ -975,18 +622,83 @@ ipsec = module java = module # Layer: services -# Module: prelink +# Module: kerberos # -# prelink executable +# MIT Kerberos admin and KDC # -prelink = base +kerberos = module + +# Layer: kernel +# Module: kernel +# Required in base +# +# Policy for kernel threads, proc filesystem,and unlabeled processes and objects. +# +kernel = base + +# Layer: services +# Module: ktalk +# +# KDE Talk daemon +# +ktalk = module + +# Layer: admin +# Module: kudzu +# +# Hardware detection and configuration tools +# +kudzu = base + + +# Layer: services +# Module: ldap +# +# OpenLDAP directory server +# +ldap = module + +# Layer: system +# Module: libraries +# +# Policy for system libraries. +# +libraries = base # Layer: apps -# Module: slocate +# Module: loadkeys # -# locate executable +# Load keyboard mappings. # -slocate = module +loadkeys = base + +# Layer: system +# Module: locallogin +# +# Policy for local logins. +# +locallogin = base + +# Layer: apps +# Module: lockdev +# +# device locking policy for lockdev +# +lockdev = module + +# Layer: system +# Module: logging +# +# Policy for the kernel message logger and system logging daemon. +# +logging = base + +# Layer: admin +# Module: logrotate +# +# Rotate and archive system logs +# +logrotate = base # Layer: services # Module: logwatch @@ -995,6 +707,479 @@ slocate = module # logwatch = base +# Layer: services +# Module: lpd +# +# Line printer daemon +# +lpd = module + +# Layer: system +# Module: lvm +# +# Policy for logical volume management programs. +# +lvm = base + +# Layer: services +# Module: mailman +# +# Mailman is for managing electronic mail discussion and e-newsletter lists +# +mailman = module + +# Layer: services +# Module: mailscanner +# +# Anti-Virus and Anti-Spam Filter +# +mailscanner = module + +# Layer: kernel +# Module: mcs +# Required in base +# +# MultiCategory security policy +# +mcs = base + +# Layer: system +# Module: miscfiles +# +# Miscelaneous files. +# +miscfiles = base + +# Layer: kernel +# Module: mls +# Required in base +# +# Multilevel security policy +# +mls = base + +# Layer: system +# Module: modutils +# +# Policy for kernel module utilities +# +modutils = base + +# Layer: apps +# Module: mono +# +# mono executable +# +mono = module + +# Layer: system +# Module: mount +# +# Policy for mount. +# +mount = base + +# Layer: apps +# Module: mozilla +# +# Policy for Mozilla and related web browsers +# +mozilla = module + +# Layer: apps +# Module: nsplugin +# +# Policy for nspluginwrapper +# +nsplugin = module + +# Layer: apps +# Module: mplayer +# +# Policy for Mozilla and related web browsers +# +mplayer = module + +# Layer: apps +# Module: gpg +# +# Policy for Mozilla and related web browsers +# +gpg = module + +# Layer: admin +# Module: mrtg +# +# Network traffic graphing +# +mrtg = module + +# Layer: services +# Module: mta +# +# Policy common to all email tranfer agents. +# +mta = base + +# Layer: services +# Module: mysql +# +# Policy for MySQL +# +mysql = module + +# Layer: services +# Module: nagios +# +# policy for nagios Host/service/network monitoring program +# +nagios = module + +# Layer: admin +# Module: netutils +# +# Network analysis utilities +# +netutils = base + +# Layer: services +# Module: networkmanager +# +# Manager for dynamically switching between networks. +# +networkmanager = base + +# Layer: services +# Module: nis +# +# Policy for NIS (YP) servers and clients +# +nis = module + + +# Layer: services +# Module: nscd +# +# Name service cache daemon +# +nscd = base + + +# Layer: services +# Module: ntp +# +# Network time protocol daemon +# +ntp = module + +# Layer: services +# Module: nx +# +# NX Remote Desktop +# +nx = module + + +# Layer: services +# Module: oddjob +# +# policy for oddjob +# +oddjob = module + +# Layer: services +# Module: openct +# +# Service for handling smart card readers. +# +openct = off + +# Layer: services +# Module: openvpn +# +# Policy for OPENVPN full-featured SSL VPN solution +# +openvpn = module + + +# Layer: service +# Module: pcscd +# +# PC/SC Smart Card Daemon +# +pcscd = module + +# Layer: service +# Module: openct +# +# Middleware framework for smart card terminals +# +openct = module + +# Layer: system +# Module: pcmcia +# +# PCMCIA card management services +# +pcmcia = base + +# Layer: services +# Module: pegasus +# +# The Open Group Pegasus CIM/WBEM Server. +# +pegasus = module + +# Layer: services +# Module: postgresql +# +# PostgreSQL relational database +# +postgresql = module + +# Layer: services +# Module: portmap +# +# RPC port mapping service. +# +portmap = module + +# Layer: services +# Module: postfix +# +# Postfix email server +# +postfix = module + +o# Layer: services +# Module: postgrey +# +# email scanner +# +postgrey = module + +# Layer: services +# Module: ppp +# +# Point to Point Protocol daemon creates links in ppp networks +# +ppp = module + +# Layer: admin +# Module: prelink +# +# Manage temporary directory sizes and file ages +# +prelink = base + +# Layer: services +# Module: procmail +# +# Procmail mail delivery agent +# +procmail = module + +# Layer: services +# Module: privoxy +# +# Privacy enhancing web proxy. +# +privoxy = module + +# Layer: services +# Module: publicfile +# +# publicfile supplies files to the public through HTTP and FTP +# +publicfile = module + +# Layer: services +# Module: pyzor +# +# Spam Blocker +# +pyzor = module + + +# Layer: services +# Module: qmail +# +# Policy for qmail +# +qmail = module + +# Layer: admin +# Module: quota +# +# File system quota management +# +quota = base + +# Layer: system +# Module: raid +# +# RAID array management tools +# +raid = base + +# Layer: services +# Module: radius +# +# RADIUS authentication and accounting server. +# +radius = module + +# Layer: services +# Module: radvd +# +# IPv6 router advertisement daemon +# +radvd = module + +# Layer: services +# Module: razor +# +# A distributed, collaborative, spam detection and filtering network. +# +razor = module + +# Layer: admin +# Module: readahead +# +# Readahead, read files into page cache for improved performance +# +readahead = base + +# Layer: services +# Module: rhgb +# +# X windows login display manager +# +rhgb = module + +# Layer: services +# Module: rdisc +# +# Network router discovery daemon +# +rdisc = module + +# Layer: services +# Module: remotelogin +# +# Policy for rshd, rlogind, and telnetd. +# +remotelogin = module + +# Layer: services +# Module: ricci +# +# policy for ricci +# +ricci = module + +# Layer: services +# Module: rlogin +# +# Remote login daemon +# +rlogin = module + +# Layer: services +# Module: roundup +# +# Roundup Issue Tracking System policy +# +roundup = module + +# Layer: services +# Module: rpc +# +# Remote Procedure Call Daemon for managment of network based process communication +# +rpc = base + +# Layer: admin +# Module: rpm +# +# Policy for the RPM package manager. +# +rpm = base + + +# Layer: services +# Module: rshd +# +# Remote shell service. +# +rshd = module + +# Layer: services +# Module: rsync +# +# Fast incremental file transfer for synchronization +# +rsync = module + +# Layer: services +# Module: rwho +# +# who is logged in on local machines +# +rwho = module + +# Layer: services +# Module: sasl +# +# SASL authentication server +# +sasl = module + +# Layer: services +# Module: sendmail +# +# Policy for sendmail. +# +sendmail = base + +# Layer: services +# Module: samba +# +# SMB and CIFS client/server programs for UNIX and +# name Service Switch daemon for resolving names +# from Windows NT servers. +# +samba = module + +# Layer: apps +# Module: sambagui +# +# policy for system-config-samba +# +sambagui = module + +# Layer: apps +# Module: screen +# +# GNU terminal multiplexer +# +screen = module + +# Layer: kernel +# Module: selinux +# Required in base +# +# Policy for kernel security interface, in particular, selinuxfs. +# +selinux = base + +# Layer: system +# Module: selinuxutil +# +# Policy for SELinux policy and userland applications. +# +selinuxutil = base + # Layer: system # Module: setrans # Required in base @@ -1011,11 +1196,18 @@ setrans = base setroubleshoot = base # Layer: services -# Module: openvpn +# Module: slrnpull # -# Policy for OPENVPN full-featured SSL VPN solution +# Service for downloading news feeds the slrn newsreader. # -openvpn = module +slrnpull = off + +# Layer: apps +# Module: slocate +# +# Update database for mlocate +# +slocate = module # Layer: services # Module: smartmon @@ -1024,126 +1216,174 @@ openvpn = module # smartmon = module -# Layer: system -# Module: netlabel -# Required in base +# Layer: services +# Module: snmp # -# Basic netlabel types and interfaces. +# Simple network management protocol services # -netlabel = module +snmp = module # Layer: services -# Module: aide +# Module: spamassassin # -# Policy for aide +# Filter used for removing unsolicited email. # -aide = module +spamassassin = module -# Layer: service -# Module: pcscd +# Layer: services +# Module: squid # -# PC/SC Smart Card Daemon -# -pcscd = module - -# Layer: service -# Module: openct +# Squid caching http proxy server # -# Middleware framework for smart card terminals -# -openct = module +squid = module -# Layer: system -# Module: tzdata +# Layer: services +# Module: ssh # -# Policy for tzdata-update +# Secure shell client and server policy. # -tzdata = base +ssh = base + +# Layer: kernel +# Module: storage +# +# Policy controlling access to storage devices +# +storage = base + +# Layer: services +# Module: stunnel +# +# SSL Tunneling Proxy +# +stunnel = module # Layer: admin -# Module: amtu +# Module: su # -# Abstract Machine Test Utility (AMTU) +# Run shells with substitute user and group # -amtu = module +su = base + +# Layer: admin +# Module: sudo +# +# Execute a command with a substitute user +# +sudo = base + +# Layer: system +# Module: sysnetwork +# +# Policy for network configuration: ifconfig and dhcp client. +# +sysnetwork = base + # Layer: services -# Module: prelude +# Module: sysstat # +# Policy for sysstat. Reports on various system states # -# -prelude = module - -# Layer: role -# Module: secadm -# -# Root role used to manage selinux -# -secadm = module - -# Layer: role -# Module: auditadm -# -# Root role used to manage audit system -# -auditadm = module - -# Layer:role -# Module: staff -# -# admin account -# -staff = base - -# Layer:role -# Module: sysadm -# -# System Administrator -# -sysadm = base - -# Layer: role -# Module: unprivuser -# -# user account -# -unprivuser = base - -# Layer: role -# Module: guest -# -# Minimally privs guest account on tty logins -# -guest = module - -# Layer: role -# Module: xguest -# -# Minimally privs guest account on X Windows logins -# -xguest = module +sysstat = module # Layer: services -# Module: courier +# Module: tcpd # -# IMAP and POP3 email servers +# Policy for TCP daemon. # -courier = module +tcpd = module + +# Layer: system +# Module: udev +# +# Policy for udev. +# +udev = base + +# Layer: system +# Module: userdomain +# +# Policy for user domains +# +userdomain = base # Layer: services -# Module: rpcbind +# Module: ulogd # -# universal addresses to RPC program number mapper # -rpcbind = module +# +ulogd = module +# Layer: apps +# Module: wine +# +# wine executable +# +wine = module # Layer: apps # Module: wm # # X windows window manager # -#wm = module +wm = module + +# Layer: admin +# Module: tzdata +# +# Policy for tzdata-update +# +tzdata = base + +# Layer: apps +# Module: userhelper +# +# A helper interface to pam. +# +userhelper = module + +# Layer: services +# Module: tor +# +# TOR, the onion router +# +tor = module + +# Layer: apps +# Module: tvtime +# +# tvtime - a high quality television application +# +tvtime = module + +# Layer: apps +# Module: uml +# +# Policy for UML +# +uml = module + +# Layer: admin +# Module: usbmodules +# +# List kernel modules of USB devices +# +usbmodules = module + +# Layer: apps +# Module: usernetctl +# +# User network interface configuration helper +# +usernetctl = module + +# Layer: system +# Module: xen +# +# virtualization software +# +xen = module # Layer: services # Module: virt @@ -1166,6 +1406,320 @@ qemu = module # brctl = base +# Layer: services +# Module: telnet +# +# Telnet daemon +# +telnet = module + +# Layer: services +# Module: timidity +# +# MIDI to WAV converter and player configured as a service +# +timidity = off + +# Layer: services +# Module: tftp +# +# Trivial file transfer protocol daemon +# +tftp = module + +# Layer: services +# Module: uucp +# +# Unix to Unix Copy +# +uucp = module + +# Layer: services +# Module: vbetool +# +# run real-mode video BIOS code to alter hardware state +# +vbetool = base + +# Layer: apps +# Module: webalizer +# +# Web server log analysis +# +webalizer = module + +# Layer: services +# Module: xfs +# +# X Windows Font Server +# +xfs = module + +# Layer: services +# Module: xserver +# +# X windows login display manager +# +xserver = base + +# Layer: services +# Module: zebra +# +# Zebra border gateway protocol network routing service +# +zebra = module + +# Layer: admin +# Module: usermanage +# +# Policy for managing user accounts. +# +usermanage = base + +# Layer: admin +# Module: updfstab +# +# Red Hat utility to change /etc/fstab. +# +updfstab = base + +# Layer: admin +# Module: vpn +# +# Virtual Private Networking client +# +vpn = module + +# Layer: admin +# Module: vbetool +# +# run real-mode video BIOS code to alter hardware state +# +vbetool = base + +# Layer: kernel +# Module: terminal +# Required in base +# +# Policy for terminals. +# +terminal = base + +# Layer: admin +# Module: tmpreaper +# +# Manage temporary directory sizes and file ages +# +tmpreaper = module + +# Layer: admin +# Module: amtu +# +# Abstract Machine Test Utility (AMTU) +# +amtu = module + +# Layer: services +# Module: zabbix +# +# Open-source monitoring solution for your IT infrastructure +# +zabbix = module + +# Layer: services +# Module: apcupsd +# +# daemon for most APC’s UPS for Linux +# +apcupsd = module + +# Layer: services +# Module: aide +# +# Policy for aide +# +aide = module + +# Layer: services +# Module: w3c +# +# w3c +# +w3c = module + +# Layer: services +# Module: portreserve +# +# reserve ports to prevent portmap mapping them +# +portreserve = module + +# Layer: services +# Module: rpcbind +# +# universal addresses to RPC program number mapper +# +rpcbind = module + +# Layer: apps +# Module: vmware +# +# VMWare Workstation virtual machines +# +vmware = module + +# Layer: role +# Module: logadm +# +# Minimally prived root role for managing logging system +# +logadm = module + +# Layer: role +# Module: webadm +# +# Minimally prived root role for managing apache +# +webadm = module + +# +# Layer: services +# Module: exim +# +# exim mail server +# +exim = module + + +# Layer: services +# Module: kismet +# +# Wireless sniffing and monitoring +# +kismet = module + +# Layer: services +# Module: munin +# +# Munin +# +munin = module + +# Layer: services +# Module: bitlbee +# +# An IRC to other chat networks gateway +# +bitlbee = module + +# Layer: services +# Module: soundserver +# +# sound server for network audio server programs, nasd, yiff, etc +# +soundserver = module + +# Layer:role +# Module: staff +# +# admin account +# +staff = module + +# Layer:role +# Module: sysadm +# +# System Administrator +# +sysadm = base + +# Layer: role +# Module: unprivuser +# +# Minimally privs guest account on tty logins +# +unprivuser = module + +# Layer: services +# Module: prelude +# +prelude = module + +# Layer: services +# Module: pads +# +pads = module + +# Layer: services +# Module: kerneloops +# +# program to collect and submit kernel oopses to kerneloops.org +# +kerneloops = module + +# Layer: apps +# Module: openoffice +# +# openoffice executable +# +openoffice = module + +# Layer: apps +# Module: podsleuth +# +# Podsleuth probes, identifies, and exposes properties and metadata bound to iPods. +# +podsleuth = module + +# Layer: role +# Module: guest +# +# Minimally privs guest account on tty logins +# +guest = module + +# Layer: role +# Module: xguest +# +# Minimally privs guest account on X Windows logins +# +xguest = module + +# Layer: services +# Module: courier +# +# IMAP and POP3 email servers +# +courier = module + +# Layer: apps +# Module: livecd +# +# livecd creator +# +livecd = module + +# Layer: services +# Module: snort +# +# Snort network intrusion detection system +# +snort = module + +# Layer: services +# Module: memcached +# +# high-performance memory object caching system +# +memcached = module + +# Layer: system +# Module: netlabel +# +# Basic netlabel types and interfaces. +# +netlabel = module + # Layer: services # Module: zosremote # @@ -1173,9 +1727,21 @@ brctl = base # zosremote = module -# Layer: kernel -# Module: ubac +# Layer: services +# Module: pki +# +# +pki = module + +# Layer: services +# Module: pingd +# +# +pingd = module + +# Layer: services +# Module: milter # # # -ubac = base +milter = module