Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes.
2010-09-23 09:53:57 +02:00 · 2010-09-23 09:53:57 +02:00 · 18f2a72d7f
commit 18f2a72d7f
parent 0f7c400223
19 changed files with 93 additions and 107 deletions
--- a/policy/modules/services/nagios.te
+++ b/policy/modules/services/nagios.te
@ -179,7 +179,7 @@ optional_policy(`
 #
 allow nrpe_t self:capability { setuid setgid };
-dontaudit nrpe_t self:capability {sys_tty_config sys_resource};
+dontaudit nrpe_t self:capability { sys_tty_config sys_resource };
 allow nrpe_t self:process { setpgid signal_perms setsched setrlimit };
 allow nrpe_t self:fifo_file rw_fifo_file_perms;
 allow nrpe_t self:tcp_socket create_stream_socket_perms;
--- a/policy/modules/services/ntop.te
+++ b/policy/modules/services/ntop.te
@ -51,7 +51,7 @@ files_tmp_filetrans(ntop_t, ntop_tmp_t, { file dir })
 manage_dirs_pattern(ntop_t, ntop_var_lib_t, ntop_var_lib_t)
 manage_files_pattern(ntop_t, ntop_var_lib_t, ntop_var_lib_t)
-files_var_lib_filetrans(ntop_t, ntop_var_lib_t, { file dir } )
+files_var_lib_filetrans(ntop_t, ntop_var_lib_t, { file dir })
 manage_files_pattern(ntop_t, ntop_var_run_t, ntop_var_run_t)
 files_pid_filetrans(ntop_t, ntop_var_run_t, file)
--- a/policy/modules/services/nx.te
+++ b/policy/modules/services/nx.te
@ -89,10 +89,10 @@ seutil_dontaudit_search_config(nx_server_t)
 sysnet_read_config(nx_server_t)
 ifdef(`TODO',`
-# clients already have create permissions; the nxclient wants to also have unlink rights
+	# clients already have create permissions; the nxclient wants to also have unlink rights
-allow userdomain xdm_tmp_t:sock_file delete_sock_file_perms;
+	allow userdomain xdm_tmp_t:sock_file delete_sock_file_perms;
-# for a lockfile created by the client process
+	# for a lockfile created by the client process
-allow nx_server_t user_tmpfile:file getattr_file_perms;
+	allow nx_server_t user_tmpfile:file getattr_file_perms;
 ')
 ########################################
--- a/policy/modules/services/oddjob.te
+++ b/policy/modules/services/oddjob.te
@ -100,4 +100,3 @@ userdom_home_filetrans_user_home_dir(oddjob_mkhomedir_t)
 userdom_manage_user_home_dirs(oddjob_mkhomedir_t)
 userdom_manage_user_home_content_dirs(oddjob_mkhomedir_t)
 userdom_manage_user_home_content(oddjob_mkhomedir_t)
--- a/policy/modules/services/oident.te
+++ b/policy/modules/services/oident.te
@ -1,4 +1,4 @@
-policy_module(oident, 2.1.0) 
+policy_module(oident, 2.1.0)
 ########################################
 #
--- a/policy/modules/services/openvpn.te
+++ b/policy/modules/services/openvpn.te
@ -6,9 +6,9 @@ policy_module(openvpn, 1.10.0)
 #
 ## <desc>
-## <p>
+##	<p>
-## Allow openvpn to read home directories
+##	Allow openvpn to read home directories
-## </p>
+##	</p>
 ## </desc>
 gen_tunable(openvpn_enable_homedirs, false)
@ -46,7 +46,6 @@ files_pid_file(openvpn_var_run_t)
 allow openvpn_t self:capability { dac_read_search dac_override ipc_lock net_bind_service net_admin setgid setuid sys_chroot sys_tty_config };
 allow openvpn_t self:process { signal getsched };
 allow openvpn_t self:fifo_file rw_fifo_file_perms;
 allow openvpn_t self:unix_dgram_socket { create_socket_perms sendto };
 allow openvpn_t self:unix_stream_socket { create_stream_socket_perms connectto };
 allow openvpn_t self:udp_socket create_socket_perms;
@ -129,12 +128,12 @@ tunable_policy(`openvpn_enable_homedirs',`
 ')
 tunable_policy(`openvpn_enable_homedirs && use_nfs_home_dirs',`
-        fs_read_nfs_files(openvpn_t)
+	fs_read_nfs_files(openvpn_t)
-')  
+')
 tunable_policy(`openvpn_enable_homedirs && use_samba_home_dirs',`
-        fs_read_cifs_files(openvpn_t)
+	fs_read_cifs_files(openvpn_t)
-')  
+')
 optional_policy(`
 	daemontools_service_domain(openvpn_t, openvpn_exec_t)
--- a/policy/modules/services/pads.te
+++ b/policy/modules/services/pads.te
@ -1,4 +1,4 @@
-policy_module(pads, 1.0.0) 
+policy_module(pads, 1.0.0)
 ########################################
 #
--- a/policy/modules/services/passenger.te
+++ b/policy/modules/services/passenger.te
@ -1,5 +1,4 @@
-
+policy_module(passanger, 1.0.0)
 policy_module(passanger,1.0.0)
 ########################################
 #
@ -30,7 +29,6 @@ permissive passenger_t;
 allow passenger_t self:capability { dac_override fsetid fowner chown setuid setgid };
 allow passenger_t self:process signal;
 allow passenger_t self:fifo_file rw_fifo_file_perms;
 allow passenger_t self:unix_stream_socket { create_stream_socket_perms connectto };
--- a/policy/modules/services/piranha.te
+++ b/policy/modules/services/piranha.te
@ -1,4 +1,4 @@
-policy_module(piranha,1.0.0)
+policy_module(piranha, 1.0.0)
 ########################################
 #
@ -6,9 +6,9 @@ policy_module(piranha,1.0.0)
 #
 ## <desc>
-## <p>
+##	<p>
-## Allow piranha-lvs domain to connect to the network using TCP.
+##	Allow piranha-lvs domain to connect to the network using TCP.
-## </p>
+##	</p>
 ## </desc>
 gen_tunable(piranha_lvs_can_network_connect, false)
@ -65,7 +65,6 @@ init_domtrans_script(piranha_fos_t)
 allow piranha_web_t self:capability { setuid sys_nice kill setgid };
 allow piranha_web_t self:process { getsched setsched signal signull ptrace };
 allow piranha_web_t self:rawip_socket create_socket_perms;
 allow piranha_web_t self:netlink_route_socket r_netlink_socket_perms;
 allow piranha_web_t self:sem create_sem_perms;
 allow piranha_web_t self:shm create_shm_perms;
@ -80,7 +79,7 @@ rw_files_pattern(piranha_web_t, piranha_etc_rw_t, piranha_etc_rw_t)
 manage_dirs_pattern(piranha_web_t, piranha_log_t, piranha_log_t)
 manage_files_pattern(piranha_web_t, piranha_log_t, piranha_log_t)
-logging_log_filetrans(piranha_web_t, piranha_log_t, { dir file } )
+logging_log_filetrans(piranha_web_t, piranha_log_t, { dir file })
 can_exec(piranha_web_t, piranha_web_tmp_t)
 manage_dirs_pattern(piranha_web_t, piranha_web_tmp_t, piranha_web_tmp_t)
@ -119,7 +118,7 @@ optional_policy(`
 ')
 optional_policy(`
-        sasl_connect(piranha_web_t)
+	sasl_connect(piranha_web_t)
 ')
 ######################################
@ -129,9 +128,7 @@ optional_policy(`
 # neede by nanny
 allow piranha_lvs_t self:capability { net_raw sys_nice };
 allow piranha_lvs_t self:process signal;
 allow piranha_lvs_t self:unix_dgram_socket create_socket_perms;
 allow piranha_lvs_t self:rawip_socket create_socket_perms;
@ -145,7 +142,7 @@ sysnet_dns_name_resolve(piranha_lvs_t)
 # needed by nanny
 tunable_policy(`piranha_lvs_can_network_connect',`
-    corenet_tcp_connect_all_ports(piranha_lvs_t)
+	corenet_tcp_connect_all_ports(piranha_lvs_t)
 ')
 # needed by ipvsadm
@ -176,7 +173,7 @@ optional_policy(`
 ')
 optional_policy(`
-    sysnet_domtrans_ifconfig(piranha_pulse_t)
+	sysnet_domtrans_ifconfig(piranha_pulse_t)
 ')
 ####################################
--- a/policy/modules/services/plymouthd.te
+++ b/policy/modules/services/plymouthd.te
@ -92,7 +92,7 @@ sysnet_read_config(plymouth_t)
 plymouthd_stream_connect(plymouth_t)
-ifdef(`hide_broken_symptoms', `
+ifdef(`hide_broken_symptoms',`
 	optional_policy(`
 		hal_dontaudit_write_log(plymouth_t)
 		hal_dontaudit_rw_pipes(plymouth_t)
--- a/policy/modules/services/policykit.te
+++ b/policy/modules/services/policykit.te
@ -41,7 +41,6 @@ files_pid_file(policykit_var_run_t)
 allow policykit_t self:capability { dac_override dac_read_search setgid setuid sys_ptrace };
 allow policykit_t self:process { getsched getattr signal };
 allow policykit_t self:fifo_file rw_fifo_file_perms;
 allow policykit_t self:unix_dgram_socket create_socket_perms;
 allow policykit_t self:unix_stream_socket { create_stream_socket_perms connectto };
@ -275,4 +274,3 @@ optional_policy(`
 	kernel_search_proc(policykit_resolve_t)
 	hal_read_state(policykit_resolve_t)
 ')
--- a/policy/modules/services/postfix.te
+++ b/policy/modules/services/postfix.te
@ -6,10 +6,9 @@ policy_module(postfix, 1.12.0)
 #
 ## <desc>
-## <p>
+##	<p>
-## Allow postfix_local domain full write access to mail_spool directories
+##	Allow postfix_local domain full write access to mail_spool directories
-## 
+##	</p>
 ## </p>
 ## </desc>
 gen_tunable(allow_postfix_local_write_mail_spool, false)
@ -21,7 +20,7 @@ attribute postfix_user_domtrans;
 postfix_server_domain_template(bounce)
-type postfix_spool_bounce_t,  postfix_spool_type;
+type postfix_spool_bounce_t, postfix_spool_type;
 files_type(postfix_spool_bounce_t)
 postfix_server_domain_template(cleanup)
@ -40,7 +39,7 @@ type postfix_map_t;
 type postfix_map_exec_t;
 application_domain(postfix_map_t, postfix_map_exec_t)
 role system_r types postfix_map_t;
-     
+
 type postfix_map_tmp_t;
 files_tmp_file(postfix_map_tmp_t)
--- a/policy/modules/services/postgresql.te
+++ b/policy/modules/services/postgresql.te
@ -15,16 +15,16 @@ gen_require(`
 #
 ## <desc>
-## <p>
+##	<p>
-## Allow unprived users to execute DDL statement
+##	Allow unprived users to execute DDL statement
-## </p>
+##	</p>
 ## </desc>
 gen_tunable(sepgsql_enable_users_ddl, true)
 ## <desc>
-## <p>
+##	<p>
-## Allow database admins to execute DML statement
+##	Allow database admins to execute DML statement
-## </p>
+##	</p>
 ## </desc>
 gen_tunable(sepgsql_unconfined_dbadm, true)
--- a/policy/modules/services/ppp.te
+++ b/policy/modules/services/ppp.te
@ -6,16 +6,16 @@ policy_module(ppp, 1.12.0)
 #
 ## <desc>
-## <p>
+##	<p>
-## Allow pppd to load kernel modules for certain modems
+##	Allow pppd to load kernel modules for certain modems
-## </p>
+##	</p>
 ## </desc>
 gen_tunable(pppd_can_insmod, false)
 ## <desc>
-## <p>
+##	<p>
-## Allow pppd to be run for a regular user
+##	Allow pppd to be run for a regular user
-## </p>
+##	</p>
 ## </desc>
 gen_tunable(pppd_for_user, false)
--- a/policy/modules/services/privoxy.te
+++ b/policy/modules/services/privoxy.te
@ -6,10 +6,10 @@ policy_module(privoxy, 1.10.0)
 #
 ## <desc>
-## <p>
+##	<p>
-## Allow privoxy to connect to all ports, not just
+##	Allow privoxy to connect to all ports, not just
-## HTTP, FTP, and Gopher ports.
+##	HTTP, FTP, and Gopher ports.
-## </p>
+##	</p>
 ## </desc>
 gen_tunable(privoxy_connect_any, false)
--- a/policy/modules/services/puppet.te
+++ b/policy/modules/services/puppet.te
@ -6,10 +6,10 @@ policy_module(puppet, 1.0.0)
 #
 ## <desc>
-## <p>
+##	<p>
-## Allow Puppet client to manage all file
+##	Allow Puppet client to manage all file
-## types.
+##	types.
-## </p>
+##	</p>
 ## </desc>
 gen_tunable(puppet_manage_all_files, false)
--- a/policy/modules/services/pyzor.te
+++ b/policy/modules/services/pyzor.te
@ -5,9 +5,7 @@ policy_module(pyzor, 2.1.0)
 # Declarations
 #
 ifdef(`distro_redhat',`
 	gen_require(`
 		type spamc_t;
 		type spamc_exec_t;
@ -34,43 +32,41 @@ ifdef(`distro_redhat',`
 	typealias spamd_etc_t alias pyzor_etc_t;
 	typealias spamc_home_t alias pyzor_home_t;
 	typealias spamc_home_t alias user_pyzor_home_t;
 ',`
 	type pyzor_t;
 	type pyzor_exec_t;
 	typealias pyzor_t alias { user_pyzor_t staff_pyzor_t sysadm_pyzor_t };
 	typealias pyzor_t alias { auditadm_pyzor_t secadm_pyzor_t };
 	application_domain(pyzor_t, pyzor_exec_t)
 	ubac_constrained(pyzor_t)
 	role system_r types pyzor_t;
-type pyzor_t;
+	type pyzor_etc_t;
-type pyzor_exec_t;
+	files_type(pyzor_etc_t)
 typealias pyzor_t alias { user_pyzor_t staff_pyzor_t sysadm_pyzor_t };
 typealias pyzor_t alias { auditadm_pyzor_t secadm_pyzor_t };
 application_domain(pyzor_t, pyzor_exec_t)
 ubac_constrained(pyzor_t)
 role system_r types pyzor_t;
-type pyzor_etc_t;
+	type pyzor_home_t;
-files_type(pyzor_etc_t)
+	typealias pyzor_home_t alias { user_pyzor_home_t staff_pyzor_home_t sysadm_pyzor_home_t };
 	typealias pyzor_home_t alias { auditadm_pyzor_home_t secadm_pyzor_home_t };
 	userdom_user_home_content(pyzor_home_t)
-type pyzor_home_t;
+	type pyzor_tmp_t;
-typealias pyzor_home_t alias { user_pyzor_home_t staff_pyzor_home_t sysadm_pyzor_home_t };
+	typealias pyzor_tmp_t alias { user_pyzor_tmp_t staff_pyzor_tmp_t sysadm_pyzor_tmp_t };
-typealias pyzor_home_t alias { auditadm_pyzor_home_t secadm_pyzor_home_t };
+	typealias pyzor_tmp_t alias { auditadm_pyzor_tmp_t secadm_pyzor_tmp_t };
-userdom_user_home_content(pyzor_home_t)
+	files_tmp_file(pyzor_tmp_t)
 	ubac_constrained(pyzor_tmp_t)
-type pyzor_tmp_t;
+	type pyzor_var_lib_t;
-typealias pyzor_tmp_t alias { user_pyzor_tmp_t staff_pyzor_tmp_t sysadm_pyzor_tmp_t };
+	typealias pyzor_var_lib_t alias { user_pyzor_var_lib_t staff_pyzor_var_lib_t sysadm_pyzor_var_lib_t };
-typealias pyzor_tmp_t alias { auditadm_pyzor_tmp_t secadm_pyzor_tmp_t };
+	typealias pyzor_var_lib_t alias { auditadm_pyzor_var_lib_t secadm_pyzor_var_lib_t };
-files_tmp_file(pyzor_tmp_t)
+	files_type(pyzor_var_lib_t)
-ubac_constrained(pyzor_tmp_t)
+	ubac_constrained(pyzor_var_lib_t)
-type pyzor_var_lib_t;
+	type pyzord_t;
-typealias pyzor_var_lib_t alias { user_pyzor_var_lib_t staff_pyzor_var_lib_t sysadm_pyzor_var_lib_t };
+	type pyzord_exec_t;
-typealias pyzor_var_lib_t alias { auditadm_pyzor_var_lib_t secadm_pyzor_var_lib_t };
+	init_daemon_domain(pyzord_t, pyzord_exec_t)
 files_type(pyzor_var_lib_t)
 ubac_constrained(pyzor_var_lib_t)
-type pyzord_t;
+	type pyzord_log_t;
-type pyzord_exec_t;
+	logging_log_file(pyzord_log_t)
 init_daemon_domain(pyzord_t, pyzord_exec_t)
 type pyzord_log_t;
 logging_log_file(pyzord_log_t)
 ')
 ########################################
@ -149,7 +145,7 @@ can_exec(pyzord_t, pyzor_exec_t)
 manage_files_pattern(pyzord_t, pyzord_log_t, pyzord_log_t)
 allow pyzord_t pyzord_log_t:dir setattr;
-logging_log_filetrans(pyzord_t, pyzord_log_t, { file dir } )
+logging_log_filetrans(pyzord_t, pyzord_log_t, { file dir })
 kernel_read_kernel_sysctls(pyzord_t)
 kernel_read_system_state(pyzord_t)
--- a/policy/modules/services/qmail.te
+++ b/policy/modules/services/qmail.te
@ -60,7 +60,7 @@ application_domain(qmail_tcp_env_t, qmail_tcp_env_exec_t)
 ########################################
 #
 # qmail-clean local policy
-#   this component cleans up the queue directory
+#	this component cleans up the queue directory
 #
 read_files_pattern(qmail_clean_t, qmail_spool_t, qmail_spool_t)
@ -69,7 +69,7 @@ delete_files_pattern(qmail_clean_t, qmail_spool_t, qmail_spool_t)
 ########################################
 #
 # qmail-inject local policy
-#   this component preprocesses mail from stdin and invokes qmail-queue
+#	this component preprocesses mail from stdin and invokes qmail-queue
 #
 allow qmail_inject_t self:process signal_perms;
@ -88,7 +88,7 @@ qmail_read_config(qmail_inject_t)
 ########################################
 #
 # qmail-local local policy
-#   this component delivers a mail message
+#	this component delivers a mail message
 #
 allow qmail_local_t self:process signal_perms;
@ -131,7 +131,7 @@ optional_policy(`
 ########################################
 #
 # qmail-lspawn local policy
-#   this component schedules local deliveries
+#	this component schedules local deliveries
 #
 allow qmail_lspawn_t self:capability { setuid setgid };
@ -154,7 +154,7 @@ files_search_tmp(qmail_lspawn_t)
 ########################################
 #
 # qmail-queue local policy
-#   this component places a mail in a delivery queue, later to be processed by qmail-send
+#	this component places a mail in a delivery queue, later to be processed by qmail-send
 #
 allow qmail_queue_t qmail_lspawn_t:fd use;
@ -179,7 +179,7 @@ optional_policy(`
 ########################################
 #
 # qmail-remote local policy
-#   this component sends mail via SMTP
+#	this component sends mail via SMTP
 #
 allow qmail_remote_t self:tcp_socket create_socket_perms;
@ -206,7 +206,7 @@ sysnet_read_config(qmail_remote_t)
 ########################################
 #
 # qmail-rspawn local policy
-#   this component scedules remote deliveries
+#	this component scedules remote deliveries
 #
 allow qmail_rspawn_t self:process signal_perms;
@ -221,7 +221,7 @@ corecmd_search_bin(qmail_rspawn_t)
 ########################################
 #
 # qmail-send local policy
-#   this component delivers mail messages from the queue
+#	this component delivers mail messages from the queue
 #
 allow qmail_send_t self:process signal_perms;
@ -240,7 +240,7 @@ optional_policy(`
 ########################################
 #
 # qmail-smtpd local policy
-#   this component receives mails via SMTP
+#	this component receives mails via SMTP
 #
 allow qmail_smtpd_t self:process signal_perms;
@ -269,7 +269,7 @@ optional_policy(`
 ########################################
 #
 # splogger local policy
-#   this component creates entries in syslog
+#	this component creates entries in syslog
 #
 allow qmail_splogger_t self:unix_dgram_socket create_socket_perms;
@ -283,7 +283,7 @@ miscfiles_read_localization(qmail_splogger_t)
 ########################################
 #
 # qmail-start local policy
-#   this component starts up the mail delivery component
+#	this component starts up the mail delivery component
 #
 allow qmail_start_t self:capability { setgid setuid };
@ -307,7 +307,7 @@ optional_policy(`
 ########################################
 #
 # tcp-env local policy
-#   this component sets up TCP-related environment variables
+#	this component sets up TCP-related environment variables
 #
 allow qmail_tcp_env_t qmail_smtpd_exec_t:file read_file_perms;
--- a/policy/modules/services/qpidd.te
+++ b/policy/modules/services/qpidd.te
@ -1,4 +1,4 @@
-policy_module(qpidd,1.0.0)
+policy_module(qpidd, 1.0.0)
 ########################################
 #
@ -32,7 +32,7 @@ allow qpidd_t self:unix_stream_socket create_stream_socket_perms;
 manage_dirs_pattern(qpidd_t, qpidd_var_lib_t,  qpidd_var_lib_t)
 manage_files_pattern(qpidd_t, qpidd_var_lib_t,  qpidd_var_lib_t)
-files_var_lib_filetrans(qpidd_t, qpidd_var_lib_t, { file dir } )
+files_var_lib_filetrans(qpidd_t, qpidd_var_lib_t, { file dir })
 manage_dirs_pattern(qpidd_t, qpidd_var_run_t,  qpidd_var_run_t)
 manage_files_pattern(qpidd_t, qpidd_var_run_t,  qpidd_var_run_t)