From 1976ddda249c7639e327ea8db99ae5dcd745050f Mon Sep 17 00:00:00 2001 
From: Dominick Grift Date: Mon, 20 Sep 2010 11:48:51 +0200 Subject: [PATCH] Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. 
---
policy/modules/services/gnomeclock.if | 4 +-
policy/modules/services/hal.if | 14 +--
policy/modules/services/icecast.if | 10 +-
policy/modules/services/ifplugd.if | 4 +-
policy/modules/services/inetd.if | 1 -
policy/modules/services/jabber.if | 88 ++++++++--------
policy/modules/services/kerberos.if | 10 +-
policy/modules/services/kerneloops.if | 4 +-
policy/modules/services/ksmtuned.if | 5 +-
policy/modules/services/ldap.if | 34 +++----
policy/modules/services/lircd.if | 9 +-
policy/modules/services/mailman.if | 2 +-
policy/modules/services/memcached.if | 4 +-
policy/modules/services/milter.if | 18 ++--
policy/modules/services/mock.if | 21 ++--
policy/modules/services/modemmanager.if | 4 +-
policy/modules/services/mpd.if | 116 +++++++++++-----------
policy/modules/services/mta.if | 39 ++++----
policy/modules/services/munin.if | 19 ++--
policy/modules/services/nagios.if | 1 -
policy/modules/services/networkmanager.if | 6 +-
policy/modules/services/nslcd.if | 4 +-
policy/modules/services/oddjob.if | 38 +++----
policy/modules/services/oident.if | 6 +-
policy/modules/services/openct.if | 8 +-
policy/modules/services/pads.if | 2 +-
policy/modules/services/passenger.if | 53 +++++-----
policy/modules/services/pcscd.if | 4 +-
policy/modules/services/pingd.if | 5 +-
policy/modules/services/piranha.if | 102 ++++++++++---------
30 files changed, 308 insertions(+), 327 deletions(-)
diff --git a/policy/modules/services/gnomeclock.if b/policy/modules/services/gnomeclock.if
index da0e8446..17d25ba4 100644
--- a/policy/modules/services/gnomeclock.if
+++ b/policy/modules/services/gnomeclock.if
@@ -5,9 +5,9 @@ ## Execute a domain transition to run gnomeclock. ## ## -## +## ## Domain allowed to transition. -## +## ## # interface(`gnomeclock_domtrans',`
diff --git a/policy/modules/services/hal.if b/policy/modules/services/hal.if
index 82772698..2b55c859 100644
--- a/policy/modules/services/hal.if
+++ b/policy/modules/services/hal.if
@@ -70,7 +70,7 @@ interface(`hal_use_fds',` type hald_t; ') - allow $1 hald_t:fd use; + allow $1 hald_t:fd use; ') ########################################
@@ -88,7 +88,7 @@ interface(`hal_dontaudit_use_fds',` type hald_t; ') - dontaudit $1 hald_t:fd use; + dontaudit $1 hald_t:fd use; ') ########################################
@@ -107,7 +107,7 @@ interface(`hal_rw_pipes',` type hald_t; ') - allow $1 hald_t:fifo_file rw_fifo_file_perms; + allow $1 hald_t:fifo_file rw_fifo_file_perms; ') ########################################
@@ -126,7 +126,7 @@ interface(`hal_dontaudit_rw_pipes',` type hald_t; ') - dontaudit $1 hald_t:fifo_file rw_fifo_file_perms; + dontaudit $1 hald_t:fifo_file rw_fifo_file_perms; ') ########################################
@@ -360,7 +360,7 @@ interface(`hal_read_pid_files',` ######################################## ## -## Do not audit attempts to read +## Do not audit attempts to read ## hald PID files. ## ##
@@ -451,9 +451,9 @@ interface(`hal_dontaudit_leaks',` type hald_var_run_t; ') - dontaudit $1 hald_t:fd use; + dontaudit $1 hald_t:fd use; dontaudit $1 hald_log_t:file rw_inherited_file_perms; - dontaudit $1 hald_t:fifo_file rw_inherited_fifo_file_perms; + dontaudit $1 hald_t:fifo_file rw_inherited_fifo_file_perms; dontaudit hald_t $1:socket_class_set { read write }; dontaudit $1 hald_var_run_t:file read_inherited_file_perms; ')
diff --git a/policy/modules/services/icecast.if b/policy/modules/services/icecast.if
index 3aa86f30..40affd8e 100644
--- a/policy/modules/services/icecast.if
+++ b/policy/modules/services/icecast.if
@@ -5,9 +5,9 @@ ## Execute a domain transition to run icecast. ## ## -## +## ## Domain allowed to transition. -## +## ## # interface(`icecast_domtrans',`
@@ -118,9 +118,9 @@ interface(`icecast_read_log',` ## icecast log files. ## ## -## +## ## Domain allowed access. -## +## ## # interface(`icecast_append_log',`
@@ -183,7 +183,5 @@ interface(`icecast_admin',` allow $2 system_r; icecast_manage_pid_files($1) - icecast_manage_log($1) - ')
diff --git a/policy/modules/services/ifplugd.if b/policy/modules/services/ifplugd.if
index dfb42326..684bb0ac 100644
--- a/policy/modules/services/ifplugd.if
+++ b/policy/modules/services/ifplugd.if
@@ -5,9 +5,9 @@ ## Execute a domain transition to run ifplugd. ## ## -## +## ## Domain allowed to transition. -## +## ## # interface(`ifplugd_domtrans',`
diff --git a/policy/modules/services/inetd.if b/policy/modules/services/inetd.if
index df48e5ed..6985546a 100644
--- a/policy/modules/services/inetd.if
+++ b/policy/modules/services/inetd.if
@@ -55,7 +55,6 @@ interface(`inetd_core_service_domain',` ## # interface(`inetd_tcp_service_domain',` - gen_require(` type inetd_t; ')
diff --git a/policy/modules/services/jabber.if b/policy/modules/services/jabber.if
index f17e6297..cde3591e 100644
--- a/policy/modules/services/jabber.if
+++ b/policy/modules/services/jabber.if
@@ -2,95 +2,95 @@ ####################################### ## -## Execute a domain transition to run jabberd services +## Execute a domain transition to run jabberd services ## ## -## -## Domain allowed to transition. -## +## +## Domain allowed to transition. +## ## # interface(`jabber_domtrans_jabberd',` - gen_require(` - type jabberd_t, jabberd_exec_t; - ') + gen_require(` + type jabberd_t, jabberd_exec_t; + ') - domtrans_pattern($1, jabberd_exec_t, jabberd_t) + domtrans_pattern($1, jabberd_exec_t, jabberd_t) ') ###################################### ## -## Execute a domain transition to run jabberd router service +## Execute a domain transition to run jabberd router service ## ## -## -## Domain allowed to transition. -## +## +## Domain allowed to transition. +## ## # interface(`jabber_domtrans_jabberd_router',` - gen_require(` - type jabberd_router_t, jabberd_router_exec_t; - ') + gen_require(` + type jabberd_router_t, jabberd_router_exec_t; + ') - domtrans_pattern($1, jabberd_router_exec_t, jabberd_router_t) + domtrans_pattern($1, jabberd_router_exec_t, jabberd_router_t) ') ####################################### ## -## Read jabberd lib files. +## Read jabberd lib files. ## ## -## -## Domain allowed access. -## +## +## Domain allowed access. +## ## # interface(`jabberd_read_lib_files',` - gen_require(` - type jabberd_var_lib_t; - ') + gen_require(` + type jabberd_var_lib_t; + ') - files_search_var_lib($1) - read_files_pattern($1, jabberd_var_lib_t, jabberd_var_lib_t) + files_search_var_lib($1) + read_files_pattern($1, jabberd_var_lib_t, jabberd_var_lib_t) ') ####################################### ## -## Dontaudit inherited read jabberd lib files. +## Dontaudit inherited read jabberd lib files. ## ## -## -## Domain to not audit. -## +## +## Domain to not audit. 
+## ## # interface(`jabberd_dontaudit_read_lib_files',` - gen_require(` - type jabberd_var_lib_t; - ') + gen_require(` + type jabberd_var_lib_t; + ') - dontaudit $1 jabberd_var_lib_t:file read_inherited_file_perms; + dontaudit $1 jabberd_var_lib_t:file read_inherited_file_perms; ') ####################################### ## -## Create, read, write, and delete -## jabberd lib files. +## Create, read, write, and delete +## jabberd lib files. ## ## -## -## Domain allowed access. -## +## +## Domain allowed access. +## ## # interface(`jabberd_manage_lib_files',` - gen_require(` - type jabberd_var_lib_t; - ') + gen_require(` + type jabberd_var_lib_t; + ') - files_search_var_lib($1) - manage_files_pattern($1, jabberd_var_lib_t, jabberd_var_lib_t) + files_search_var_lib($1) + manage_files_pattern($1, jabberd_var_lib_t, jabberd_var_lib_t) ') ########################################
@@ -121,7 +121,7 @@ interface(`jabber_admin',` ps_process_pattern($1, jabberd_t) allow $1 jabberd_router_t:process { ptrace signal_perms }; - ps_process_pattern($1, jabberd_router_t) + ps_process_pattern($1, jabberd_router_t) init_labeled_script_domtrans($1, jabberd_initrc_exec_t) domain_system_change_exemption($1)
diff --git a/policy/modules/services/kerberos.if b/policy/modules/services/kerberos.if
index 604f67bf..541cc80e 100644
--- a/policy/modules/services/kerberos.if
+++ b/policy/modules/services/kerberos.if
@@ -26,9 +26,9 @@ ## Execute kadmind in the current domain ## ## -## +## ## Domain allowed access. -## +## ## # interface(`kerberos_exec_kadmind',`
@@ -44,9 +44,9 @@ interface(`kerberos_exec_kadmind',` ## Execute a domain transition to run kpropd. ## ## -## +## ## Domain allowed to transition. -## +## ## # interface(`kerberos_domtrans_kpropd',`
@@ -235,7 +235,7 @@ template(`kerberos_keytab_template',` type $1_keytab_t; files_type($1_keytab_t) - allow $2 $1_keytab_t:file read_file_perms; + allow $2 $1_keytab_t:file read_file_perms; kerberos_read_keytab($2) kerberos_use($2)
diff --git a/policy/modules/services/kerneloops.if b/policy/modules/services/kerneloops.if
index 835b16b0..767833d4 100644
--- a/policy/modules/services/kerneloops.if
+++ b/policy/modules/services/kerneloops.if
@@ -5,9 +5,9 @@ ## Execute a domain transition to run kerneloops. ## ## -## +## ## Domain allowed to transition. -## +## ## # interface(`kerneloops_domtrans',`
diff --git a/policy/modules/services/ksmtuned.if b/policy/modules/services/ksmtuned.if
index d17f349b..40a94054 100644
--- a/policy/modules/services/ksmtuned.if
+++ b/policy/modules/services/ksmtuned.if
@@ -5,9 +5,9 @@ ## Execute a domain transition to run ksmtuned. ## ## -## +## ## Domain allowed to transition. -## +## ## # interface(`ksmtuned_domtrans',`
@@ -70,5 +70,4 @@ interface(`ksmtuned_admin',` domain_system_change_exemption($1) role_transition $2 ksmtuned_initrc_exec_t system_r; allow $2 system_r; - ')
diff --git a/policy/modules/services/ldap.if b/policy/modules/services/ldap.if
index d15f94d8..eabd77a1 100644
--- a/policy/modules/services/ldap.if
+++ b/policy/modules/services/ldap.if
@@ -2,42 +2,40 @@ ####################################### ## -## Execute OpenLDAP in the ldap domain. +## Execute OpenLDAP in the ldap domain. ## ## -## -## Domain allowed access. -## +## +## Domain allowed access. +## ## # interface(`ldap_domtrans',` - gen_require(` - type slapd_t, slapd_exec_t; - ') - - domtrans_pattern($1, slapd_exec_t, slapd_t) + gen_require(` + type slapd_t, slapd_exec_t; + ') + domtrans_pattern($1, slapd_exec_t, slapd_t) ') ####################################### ## -## Execute OpenLDAP server in the ldap domain. +## Execute OpenLDAP server in the ldap domain. ## ## -## -## Domain allowed access. -## +## +## Domain allowed access. +## ## # interface(`ldap_initrc_domtrans',` - gen_require(` - type slapd_initrc_exec_t; - ') + gen_require(` + type slapd_initrc_exec_t; + ') - init_labeled_script_domtrans($1, slapd_initrc_exec_t) + init_labeled_script_domtrans($1, slapd_initrc_exec_t) ') - ######################################## ## ## Read the contents of the OpenLDAP
diff --git a/policy/modules/services/lircd.if b/policy/modules/services/lircd.if
index 418cc811..c0513fab 100644
--- a/policy/modules/services/lircd.if
+++ b/policy/modules/services/lircd.if
@@ -5,9 +5,9 @@ ## Execute a domain transition to run lircd. ## ## -## +## ## Domain allowed to transition. -## +## ## # interface(`lircd_domtrans',`
@@ -16,7 +16,6 @@ interface(`lircd_domtrans',` ') domain_auto_trans($1, lircd_exec_t, lircd_t) - ') ######################################
@@ -44,9 +43,9 @@ interface(`lircd_stream_connect',` ## Read lircd etc file ## ## -## +## ## Domain allowed access. -## +## ## # interface(`lircd_read_config',`
diff --git a/policy/modules/services/mailman.if b/policy/modules/services/mailman.if
index 19bcae2a..84b76265 100644
--- a/policy/modules/services/mailman.if
+++ b/policy/modules/services/mailman.if
@@ -16,7 +16,7 @@ ## ## # -template(`mailman_domain_template', ` +template(`mailman_domain_template',` type mailman_$1_t; domain_type(mailman_$1_t) role system_r types mailman_$1_t;
diff --git a/policy/modules/services/memcached.if b/policy/modules/services/memcached.if
index ee60e591..513a0702 100644
--- a/policy/modules/services/memcached.if
+++ b/policy/modules/services/memcached.if
@@ -5,9 +5,9 @@ ## Execute a domain transition to run memcached. ## ## -## +## ## Domain allowed to transition. -## +## ## # interface(`memcached_domtrans',`
diff --git a/policy/modules/services/milter.if b/policy/modules/services/milter.if
index 267cd44a..e10894b2 100644
--- a/policy/modules/services/milter.if
+++ b/policy/modules/services/milter.if
@@ -121,19 +121,19 @@ interface(`milter_manage_spamass_state',` ####################################### ## -## Delete dkim-milter PID files. +## Delete dkim-milter PID files. ## ## -## -## Domain allowed access. -## +## +## Domain allowed access. +## ## # interface(`milter_delete_dkim_pid_files',` - gen_require(` - type dkim_milter_data_t; - ') + gen_require(` + type dkim_milter_data_t; + ') - files_search_pids($1) - delete_files_pattern($1, dkim_milter_data_t, dkim_milter_data_t) + files_search_pids($1) + delete_files_pattern($1, dkim_milter_data_t, dkim_milter_data_t) ')
diff --git a/policy/modules/services/mock.if b/policy/modules/services/mock.if
index 4ed75f11..4b0002ad 100644
--- a/policy/modules/services/mock.if
+++ b/policy/modules/services/mock.if
@@ -1,4 +1,3 @@ - ## policy for mock ########################################
@@ -6,9 +5,9 @@ ## Execute a domain transition to run mock. ## ## -## +## ## Domain allowed to transition. -## +## ## # interface(`mock_domtrans',`
@@ -19,7 +18,6 @@ interface(`mock_domtrans',` domtrans_pattern($1, mock_exec_t, mock_t) ') - ######################################## ## ## Search mock lib directories.
@@ -55,7 +53,7 @@ interface(`mock_read_lib_files',` ') files_search_var_lib($1) - read_files_pattern($1, mock_var_lib_t, mock_var_lib_t) + read_files_pattern($1, mock_var_lib_t, mock_var_lib_t) ') ########################################
@@ -75,7 +73,7 @@ interface(`mock_manage_lib_files',` ') files_search_var_lib($1) - manage_files_pattern($1, mock_var_lib_t, mock_var_lib_t) + manage_files_pattern($1, mock_var_lib_t, mock_var_lib_t) ') ########################################
@@ -94,7 +92,7 @@ interface(`mock_manage_lib_dirs',` ') files_search_var_lib($1) - manage_dirs_pattern($1, mock_var_lib_t, mock_var_lib_t) + manage_dirs_pattern($1, mock_var_lib_t, mock_var_lib_t) ') #########################################
@@ -113,7 +111,7 @@ interface(`mock_manage_lib_symlinks',` ') files_search_var_lib($1) - manage_lnk_files_pattern($1, mock_var_lib_t, mock_var_lib_t) + manage_lnk_files_pattern($1, mock_var_lib_t, mock_var_lib_t) ') ########################################
@@ -132,7 +130,7 @@ interface(`mock_manage_lib_chr_files',` ') files_search_var_lib($1) - manage_chr_files_pattern($1, mock_var_lib_t, mock_var_lib_t) + manage_chr_files_pattern($1, mock_var_lib_t, mock_var_lib_t) ') ########################################
@@ -177,7 +175,7 @@ interface(`mock_run',` # interface(`mock_role',` gen_require(` - type mock_t; + type mock_t; ') role $1 types mock_t;
@@ -226,7 +224,7 @@ interface(`mock_signal',` interface(`mock_admin',` gen_require(` type mock_t; - type mock_var_lib_t; + type mock_var_lib_t; ') allow $1 mock_t:process { ptrace signal_perms };
@@ -234,5 +232,4 @@ interface(`mock_admin',` files_search_var_lib($1) admin_pattern($1, mock_var_lib_t) - ')
diff --git a/policy/modules/services/modemmanager.if b/policy/modules/services/modemmanager.if
index 33686991..7a7fc026 100644
--- a/policy/modules/services/modemmanager.if
+++ b/policy/modules/services/modemmanager.if
@@ -5,9 +5,9 @@ ## Execute a domain transition to run modemmanager. ## ## -## +## ## Domain allowed to transition. -## +## ## # interface(`modemmanager_domtrans',`
diff --git a/policy/modules/services/mpd.if b/policy/modules/services/mpd.if
index 5599d14a..65c79bc2 100644
--- a/policy/modules/services/mpd.if
+++ b/policy/modules/services/mpd.if
@@ -1,4 +1,3 @@ - ## policy for daemon for playing music ########################################
@@ -6,9 +5,9 @@ ## Execute a domain transition to run mpd. ## ## -## +## ## Domain allowed to transition. -## +## ## # interface(`mpd_domtrans',`
@@ -19,7 +18,6 @@ interface(`mpd_domtrans',` domtrans_pattern($1, mpd_exec_t, mpd_t) ') - ######################################## ## ## Execute mpd server in the mpd domain.
@@ -40,79 +38,79 @@ interface(`mpd_initrc_domtrans',` ####################################### ## -## Read mpd data files. +## Read mpd data files. ## ## -## -## Domain allowed access. -## +## +## Domain allowed access. +## ## # interface(`mpd_read_data_files',` - gen_require(` - type mpd_data_t; - ') + gen_require(` + type mpd_data_t; + ') mpd_search_lib($1) - read_files_pattern($1, mpd_data_t, mpd_data_t) + read_files_pattern($1, mpd_data_t, mpd_data_t) ') ####################################### ## -## Read mpd tmpfs files. +## Read mpd tmpfs files. ## ## -## -## Domain allowed access. -## +## +## Domain allowed access. +## ## # interface(`mpd_read_tmpfs_files',` - gen_require(` - type mpd_tmpfs_t; - ') + gen_require(` + type mpd_tmpfs_t; + ') fs_search_tmpfs($1) - read_files_pattern($1, mpd_tmpfs_t, mpd_tmpfs_t) + read_files_pattern($1, mpd_tmpfs_t, mpd_tmpfs_t) ') ################################### ## -## Manage mpd tmpfs files. +## Manage mpd tmpfs files. ## ## -## -## Domain allowed access. -## +## +## Domain allowed access. +## ## # interface(`mpd_manage_tmpfs_files',` - gen_require(` - type mpd_tmpfs_t; - ') + gen_require(` + type mpd_tmpfs_t; + ') fs_search_tmpfs($1) - manage_files_pattern($1, mpd_tmpfs_t, mpd_tmpfs_t) - manage_lnk_files_pattern($1, mpd_tmpfs_t, mpd_tmpfs_t) + manage_files_pattern($1, mpd_tmpfs_t, mpd_tmpfs_t) + manage_lnk_files_pattern($1, mpd_tmpfs_t, mpd_tmpfs_t) ') ###################################### ## -## Manage mpd data files. +## Manage mpd data files. ## ## -## -## Domain allowed access. -## +## +## Domain allowed access. +## ## # interface(`mpd_manage_data_files',` - gen_require(` - type mpd_data_t; - ') + gen_require(` + type mpd_data_t; + ') - mpd_search_lib($1) - manage_files_pattern($1, mpd_data_t, mpd_data_t) + mpd_search_lib($1) + manage_files_pattern($1, mpd_data_t, mpd_data_t) ') ######################################## 
@@ -150,7 +148,7 @@ interface(`mpd_read_lib_files',` ') files_search_var_lib($1) - read_files_pattern($1, mpd_var_lib_t, mpd_var_lib_t) + read_files_pattern($1, mpd_var_lib_t, mpd_var_lib_t) ') ########################################
@@ -170,36 +168,36 @@ interface(`mpd_manage_lib_files',` ') files_search_var_lib($1) - manage_files_pattern($1, mpd_var_lib_t, mpd_var_lib_t) + manage_files_pattern($1, mpd_var_lib_t, mpd_var_lib_t) ') ####################################### ## -## Create an object in the root directory, with a private -## type using a type transition. +## Create an object in the root directory, with a private +## type using a type transition. ## ## -## -## Domain allowed access. -## +## +## Domain allowed access. +## ## ## -## -## The type of the object to be created. -## +## +## The type of the object to be created. +## ## ## -## -## The object class of the object being created. -## +## +## The object class of the object being created. +## ## # interface(`mpd_var_lib_filetrans',` - gen_require(` - type mpd_var_lib_t; - ') + gen_require(` + type mpd_var_lib_t; + ') - filetrans_pattern($1, mpd_var_lib_t, $2, $3) + filetrans_pattern($1, mpd_var_lib_t, $2, $3) ') ########################################
@@ -218,7 +216,7 @@ interface(`mpd_manage_lib_dirs',` ') files_search_var_lib($1) - manage_dirs_pattern($1, mpd_var_lib_t, mpd_var_lib_t) + manage_dirs_pattern($1, mpd_var_lib_t, mpd_var_lib_t) ') ########################################
@@ -245,7 +243,7 @@ interface(`mpd_admin',` type mpd_etc_t; type mpd_data_t; type mpd_log_t; - type mpd_var_lib_t; + type mpd_var_lib_t; type mpd_tmpfs_t; ')
@@ -258,11 +256,11 @@ interface(`mpd_admin',` allow $2 system_r; admin_pattern($1, mpd_etc_t) - files_search_etc($1) + files_search_etc($1) files_search_var_lib($1) admin_pattern($1, mpd_var_lib_t) - + mpd_search_lib($1) admin_pattern($1, mpd_data_t)
diff --git a/policy/modules/services/mta.if b/policy/modules/services/mta.if
index a9ebda27..97c492e4 100644
--- a/policy/modules/services/mta.if
+++ b/policy/modules/services/mta.if
@@ -39,7 +39,6 @@ interface(`mta_stub',` ## # template(`mta_base_mail_template',` - gen_require(` attribute user_mail_domain; type sendmail_exec_t;
@@ -225,18 +224,18 @@ interface(`mta_agent_executable',` ## Dontaudit read and write an leaked file descriptors ## ## -## -## Domain allowed access. -## +## +## Domain allowed access. +## ## # interface(`mta_dontaudit_leaks_system_mail',` - gen_require(` - type system_mail_t; - ') + gen_require(` + type system_mail_t; + ') - dontaudit $1 system_mail_t:fifo_file write; - dontaudit $1 system_mail_t:tcp_socket { read write }; + dontaudit $1 system_mail_t:fifo_file write; + dontaudit $1 system_mail_t:tcp_socket { read write }; ') ########################################
@@ -376,7 +375,7 @@ interface(`mta_send_mail',` allow mta_user_agent $1:process sigchld; allow mta_user_agent $1:fifo_file rw_fifo_file_perms; - ifdef(`hide_broken_symptoms', ` + ifdef(`hide_broken_symptoms',` dontaudit system_mail_t $1:socket_class_set { read write }; ') ')
@@ -962,20 +961,20 @@ interface(`mta_filetrans_aliases',` ###################################### ## -## ALlow domain to read mail content in the homedir +## ALlow domain to read mail content in the homedir ## ## -## -## Domain allowed access. -## +## +## Domain allowed access. +## ## # interface(`mta_read_home',` - gen_require(` - type mail_home_t; - ') + gen_require(` + type mail_home_t; + ') - userdom_search_user_home_dirs($1) - userdom_search_admin_dir($1) - read_files_pattern($1, mail_home_t, mail_home_t) + userdom_search_user_home_dirs($1) + userdom_search_admin_dir($1) + read_files_pattern($1, mail_home_t, mail_home_t) ')
diff --git a/policy/modules/services/munin.if b/policy/modules/services/munin.if
index dda8ca9c..297e392f 100644
--- a/policy/modules/services/munin.if
+++ b/policy/modules/services/munin.if
@@ -37,8 +37,7 @@ template(`munin_plugin_template',` # automatic transition rules from munin domain # to specific munin plugin domain domtrans_pattern(munin_t, $1_munin_plugin_exec_t, $1_munin_plugin_t) - allow munin_t $1_munin_plugin_t:process signal; - + allow munin_t $1_munin_plugin_t:process signal; ') ########################################
@@ -85,20 +84,20 @@ interface(`munin_read_config',` ###################################### ## -## dontaudit read and write an leaked file descriptors +## dontaudit read and write an leaked file descriptors ## ## -## -## Domain allowed access. -## +## +## Domain allowed access. +## ## # interface(`munin_dontaudit_leaks',` - gen_require(` - type munin_t; - ') + gen_require(` + type munin_t; + ') - dontaudit $1 munin_t:tcp_socket { read write }; + dontaudit $1 munin_t:tcp_socket { read write }; ') #######################################
diff --git a/policy/modules/services/nagios.if b/policy/modules/services/nagios.if
index e3c82729..fcb28e97 100644
--- a/policy/modules/services/nagios.if
+++ b/policy/modules/services/nagios.if
@@ -12,7 +12,6 @@ ## # template(`nagios_plugin_template',` - gen_require(` type nagios_t, nrpe_t; type nagios_log_t;
diff --git a/policy/modules/services/networkmanager.if b/policy/modules/services/networkmanager.if
index 1a1bfe4d..0390b46e 100644
--- a/policy/modules/services/networkmanager.if
+++ b/policy/modules/services/networkmanager.if
@@ -43,9 +43,9 @@ interface(`networkmanager_rw_packet_sockets',` ## Allow caller to relabel tun_socket ## ## -## -## Domain allowed access. -## +## +## Domain allowed access. +## ## # interface(`networkmanager_attach_tun_iface',`
diff --git a/policy/modules/services/nslcd.if b/policy/modules/services/nslcd.if
index b94add15..2a554010 100644
--- a/policy/modules/services/nslcd.if
+++ b/policy/modules/services/nslcd.if
@@ -5,9 +5,9 @@ ## Execute a domain transition to run nslcd. ## ## -## +## ## Domain allowed to transition. -## +## ## # interface(`nslcd_domtrans',`
diff --git a/policy/modules/services/oddjob.if b/policy/modules/services/oddjob.if
index ca33ae3d..c6e34b26 100644
--- a/policy/modules/services/oddjob.if
+++ b/policy/modules/services/oddjob.if
@@ -9,9 +9,9 @@ ## Execute a domain transition to run oddjob. ## ## -## +## ## Domain allowed to transition. -## +## ## # interface(`oddjob_domtrans',`
@@ -24,21 +24,21 @@ interface(`oddjob_domtrans',` ##################################### ## -## Do not audit attempts to read and write -## oddjob fifo file. +## Do not audit attempts to read and write +## oddjob fifo file. ## ## -## -## Domain to not audit. -## +## +## Domain to not audit. +## ## # interface(`oddjob_dontaudit_rw_fifo_file',` - gen_require(` - type shutdown_t; - ') + gen_require(` + type shutdown_t; + ') - dontaudit $1 oddjob_t:fifo_file rw_inherited_fifo_file_perms; + dontaudit $1 oddjob_t:fifo_file rw_inherited_fifo_file_perms; ') ########################################
@@ -89,20 +89,20 @@ interface(`oddjob_dbus_chat',` ###################################### ## -## Send a SIGCHLD signal to oddjob. +## Send a SIGCHLD signal to oddjob. ## ## -## -## Domain allowed access. -## +## +## Domain allowed access. +## ## # interface(`oddjob_sigchld',` - gen_require(` - type oddjob_t; - ') + gen_require(` + type oddjob_t; + ') - allow $1 oddjob_t:process sigchld; + allow $1 oddjob_t:process sigchld; ') ########################################
diff --git a/policy/modules/services/oident.if b/policy/modules/services/oident.if
index bb4fae51..a3a9a762 100644
--- a/policy/modules/services/oident.if
+++ b/policy/modules/services/oident.if
@@ -18,7 +18,7 @@ ## ## # -interface(`oident_read_user_content', ` +interface(`oident_read_user_content',` gen_require(` type oidentd_home_t; ')
@@ -38,7 +38,7 @@ interface(`oident_read_user_content', ` ## ## # -interface(`oident_manage_user_content', ` +interface(`oident_manage_user_content',` gen_require(` type oidentd_home_t; ')
@@ -58,7 +58,7 @@ interface(`oident_manage_user_content', ` ## ## # -interface(`oident_relabel_user_content', ` +interface(`oident_relabel_user_content',` gen_require(` type oidentd_home_t; ')
diff --git a/policy/modules/services/openct.if b/policy/modules/services/openct.if
index 9d0a67bf..9197ef04 100644
--- a/policy/modules/services/openct.if
+++ b/policy/modules/services/openct.if
@@ -23,9 +23,9 @@ interface(`openct_signull',` ## Execute openct in the caller domain. ## ## -## +## ## Domain allowed access. -## +## ## # interface(`openct_exec',`
@@ -42,9 +42,9 @@ interface(`openct_exec',` ## Execute a domain transition to run openct. ## ## -## +## ## Domain allowed to transition. -## +## ## # interface(`openct_domtrans',`
diff --git a/policy/modules/services/pads.if b/policy/modules/services/pads.if
index 4452d3b1..5a14c62b 100644
--- a/policy/modules/services/pads.if
+++ b/policy/modules/services/pads.if
@@ -25,7 +25,7 @@ ## ## # -interface(`pads_admin', ` +interface(`pads_admin',` gen_require(` type pads_t, pads_config_t; type pads_var_run_t, pads_initrc_exec_t;
diff --git a/policy/modules/services/passenger.if b/policy/modules/services/passenger.if
index 7ca90f64..7f2bbc6d 100644
--- a/policy/modules/services/passenger.if
+++ b/policy/modules/services/passenger.if
@@ -2,19 +2,19 @@ ###################################### ## -## Execute passenger in the passenger domain. +## Execute passenger in the passenger domain. ## ## -## -## The type of the process performing this action. -## +## +## The type of the process performing this action. +## ## # interface(`passenger_domtrans',` - gen_require(` - type passenger_t; - type passenger_exec_t; - ') + gen_require(` + type passenger_t; + type passenger_exec_t; + ') allow $1 self:capability { fowner fsetid };
@@ -27,43 +27,42 @@ interface(`passenger_domtrans',` ###################################### ## -## Manage passenger var_run content. +## Manage passenger var_run content. ## ## -## -## Domain allowed access. -## +## +## Domain allowed access. +## ## # interface(`passenger_manage_pid_content',` - gen_require(` - type passenger_var_run_t; - ') + gen_require(` + type passenger_var_run_t; + ') - files_search_pids($1) + files_search_pids($1) manage_dirs_pattern($1, passenger_var_run_t, passenger_var_run_t) - manage_files_pattern($1, passenger_var_run_t, passenger_var_run_t) + manage_files_pattern($1, passenger_var_run_t, passenger_var_run_t) manage_fifo_files_pattern($1, passenger_var_run_t, passenger_var_run_t) manage_sock_files_pattern($1, passenger_var_run_t, passenger_var_run_t) ') ######################################## ## -## Read passenger lib files +## Read passenger lib files ## ## -## -## Domain to not audit. -## +## +## Domain to not audit. +## ## # interface(`passenger_read_lib_files',` - gen_require(` - type passenger_var_lib_t; - ') + gen_require(` + type passenger_var_lib_t; + ') files_search_var_lib($1) - read_files_pattern($1, passenger_var_lib_t, passenger_var_lib_t) - read_lnk_files_pattern($1, passenger_var_lib_t, passenger_var_lib_t) + read_files_pattern($1, passenger_var_lib_t, passenger_var_lib_t) + read_lnk_files_pattern($1, passenger_var_lib_t, passenger_var_lib_t) ') -
diff --git a/policy/modules/services/pcscd.if b/policy/modules/services/pcscd.if
index 1c2a0913..ea5ae69a 100644
--- a/policy/modules/services/pcscd.if
+++ b/policy/modules/services/pcscd.if
@@ -5,9 +5,9 @@ ## Execute a domain transition to run pcscd. ## ## -## +## ## Domain allowed to transition. -## +## ## # interface(`pcscd_domtrans',`
diff --git a/policy/modules/services/pingd.if b/policy/modules/services/pingd.if
index 8688aaec..2e6ce68c 100644
--- a/policy/modules/services/pingd.if
+++ b/policy/modules/services/pingd.if
@@ -5,9 +5,9 @@ ## Execute a domain transition to run pingd. ## ## -## +## ## Domain allowed to transition. -## +## ## # interface(`pingd_domtrans',`
@@ -55,7 +55,6 @@ interface(`pingd_manage_config',` files_search_etc($1) manage_dirs_pattern($1, pingd_etc_t, pingd_etc_t) manage_files_pattern($1, pingd_etc_t, pingd_etc_t) - ') #######################################
diff --git a/policy/modules/services/piranha.if b/policy/modules/services/piranha.if
index 8ecd2764..61939841 100644
--- a/policy/modules/services/piranha.if
+++ b/policy/modules/services/piranha.if
@@ -1,44 +1,42 @@ - ## policy for piranha ####################################### ## -## Creates types and rules for a basic -## cluster init daemon domain. +## Creates types and rules for a basic +## cluster init daemon domain. ## ## -## -## Prefix for the domain. -## +## +## Prefix for the domain. +## ## # template(`piranha_domain_template',` - - gen_require(` - attribute piranha_domain; - ') + gen_require(` + attribute piranha_domain; + ') ############################## - # - # piranha_$1_t declarations - # + # + # piranha_$1_t declarations + # type piranha_$1_t, piranha_domain; type piranha_$1_exec_t; init_daemon_domain(piranha_$1_t, piranha_$1_exec_t) # pid files - type piranha_$1_var_run_t; - files_pid_file(piranha_$1_var_run_t) + type piranha_$1_var_run_t; + files_pid_file(piranha_$1_var_run_t) ############################## - # - # piranha_$1_t local policy - # + # + # piranha_$1_t local policy + # - manage_files_pattern(piranha_$1_t, piranha_$1_var_run_t, piranha_$1_var_run_t) + manage_files_pattern(piranha_$1_t, piranha_$1_var_run_t, piranha_$1_var_run_t) manage_dirs_pattern(piranha_$1_t, piranha_$1_var_run_t, piranha_$1_var_run_t) - files_pid_filetrans(piranha_$1_t, piranha_$1_var_run_t, { file }) + files_pid_filetrans(piranha_$1_t, piranha_$1_var_run_t, { file }) ') ########################################
@@ -46,9 +44,9 @@ template(`piranha_domain_template',` ## Execute a domain transition to run fos. ## ## -## +## ## Domain allowed to transition. -## +## ## # interface(`piranha_domtrans_fos',`
@@ -61,56 +59,56 @@ interface(`piranha_domtrans_fos',` ####################################### ## -## Execute a domain transition to run lvsd. +## Execute a domain transition to run lvsd. ## ## -## -## Domain allowed to transition. -## +## +## Domain allowed to transition. +## ## # interface(`piranha_domtrans_lvs',` - gen_require(` - type piranha_lvs_t, piranha_lvs_exec_t; - ') + gen_require(` + type piranha_lvs_t, piranha_lvs_exec_t; + ') - domtrans_pattern($1, piranha_lvs_exec_t, piranha_lvs_t) + domtrans_pattern($1, piranha_lvs_exec_t, piranha_lvs_t) ') ####################################### ## -## Execute a domain transition to run pulse. +## Execute a domain transition to run pulse. ## ## -## -## Domain allowed to transition. -## +## +## Domain allowed to transition. +## ## # interface(`piranha_domtrans_pulse',` - gen_require(` - type piranha_pulse_t, piranha_pulse_exec_t; - ') + gen_require(` + type piranha_pulse_t, piranha_pulse_exec_t; + ') - domtrans_pattern($1, piranha_pulse_exec_t, piranha_pulse_t) + domtrans_pattern($1, piranha_pulse_exec_t, piranha_pulse_t) ') ####################################### ## -## Execute pulse server in the pulse domain. +## Execute pulse server in the pulse domain. ## ## -## -## Domain allowed access. -## +## +## Domain allowed access. +## ## # interface(`piranha_pulse_initrc_domtrans',` - gen_require(` - type piranha_pulse_initrc_exec_t; - ') + gen_require(` + type piranha_pulse_initrc_exec_t; + ') - init_labeled_script_domtrans($1, piranha_pulse_initrc_exec_t) + init_labeled_script_domtrans($1, piranha_pulse_initrc_exec_t) ') ########################################
@@ -130,7 +128,7 @@ interface(`piranha_read_log',` ') logging_search_logs($1) - read_files_pattern($1, piranha_log_t, piranha_log_t) + read_files_pattern($1, piranha_log_t, piranha_log_t) ') ########################################
@@ -139,9 +137,9 @@ interface(`piranha_read_log',` ## piranha log files. ## ## -## +## ## Domain allowed to transition. -## +## ## # interface(`piranha_append_log',`
@@ -169,7 +167,7 @@ interface(`piranha_manage_log',` ') logging_search_logs($1) - manage_dirs_pattern($1, piranha_log_t, piranha_log_t) - manage_files_pattern($1, piranha_log_t, piranha_log_t) - manage_lnk_files_pattern($1, piranha_log_t, piranha_log_t) + manage_dirs_pattern($1, piranha_log_t, piranha_log_t) + manage_files_pattern($1, piranha_log_t, piranha_log_t) + manage_lnk_files_pattern($1, piranha_log_t, piranha_log_t) ')