From 5c1cd7105c26779319ecdac62a7605797d519906 Mon Sep 17 00:00:00 2001 From: Daniel J Walsh Date: Wed, 29 Mar 2006 20:21:25 +0000 Subject: [PATCH] - Update to upstream --- modules-strict.conf | 531 +++++++++++++++++++++++++++----------------- selinux-policy.spec | 1 + 2 files changed, 323 insertions(+), 209 deletions(-) diff --git a/modules-strict.conf b/modules-strict.conf index ccc4e575..268acecf 100644 --- a/modules-strict.conf +++ b/modules-strict.conf @@ -19,6 +19,14 @@ # terminal = base +# Layer: kernel +# Module: mcs +# Required in base +# +# Multicategory security policy +# +mcs = base + # Layer: kernel # Module: files # Required in base @@ -81,17 +89,9 @@ corenetwork = base # Module: mls # Required in base # -# MultiCategory security policy -# -mls = base - -# Layer: kernel -# Module: mcs -# Required in base -# # Multilevel security policy # -mcs = base +mls = base # Layer: kernel # Module: selinux @@ -143,6 +143,13 @@ readahead = module # kudzu = module +# Layer: admin +# Module: bootloader +# +# Policy for the kernel modules, kernel image, and bootloader. +# +bootloader = base + # Layer: admin # Module: updfstab # @@ -155,7 +162,7 @@ updfstab = module # # Network analysis utilities # -netutils = module +netutils = base # Layer: admin # Module: alsa @@ -186,6 +193,13 @@ portage = module # su = module +# Layer: admin +# Module: apt +# +# APT advanced package toll. +# +apt = module + # Layer: admin # Module: dmesg # @@ -200,6 +214,13 @@ dmesg = module # anaconda = module +# Layer: admin +# Module: dpkg +# +# Policy for the Debian package manager. +# +dpkg = off + # Layer: admin # Module: amanda # @@ -278,6 +299,13 @@ certwatch = module # tmpreaper = module +# Layer: admin +# Module: mrtg +# +# Network traffic graphing +# +mrtg = module + # Layer: admin # Module: dmidecode # 
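Review bot: `bootloader = base` is added without the `# Required in base` line that the kernel-layer entries such as mcs and mls carry, and nothing in the entry says why it must live in the base module. The same applies to the other promotions in this patch: `netutils = base` in the next hunk, `storage = base`, the system-layer entries (fstools, logging, lvm, sysnetwork, init, selinuxutil, udev, userdomain, modutils, hotplug, clock, locallogin, mount, miscfiles) and `mta = base`. Policy built into base presumably cannot be removed or replaced as a separate module, so each promotion deserves a one-line reason, for example `# In base: required by <dependent base module>` with the real dependency filled in.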
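Review bot: The description comment added for apt has a typo; `# APT advanced package toll.` should read `# APT advanced package tool.`. If these comments are generated from the module's upstream summary, the fix belongs there as well, otherwise the next regeneration of this file brings the typo back.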
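Review bot: `dpkg = off` is the only entry in this patch that is switched off, while the previous hunk enables `apt = module`. APT is a front end to dpkg, so the apt policy may reference dpkg types or interfaces, and the diff does not show whether those references are optional. Please confirm the strict build links with this combination, and record the reason next to the entry, for example `# Disabled: <reason>`.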
@@ -292,6 +320,27 @@ dmidecode = module # logwatch = module +# Layer: kernel +# Module: storage +# +# Policy controlling access to storage devices +# +storage = base + +# Layer: apps +# Module: evolution +# +# Evolution email client +# +evolution = module + +# Layer: apps +# Module: mozilla +# +# Policy for Mozilla and related web browsers +# +mozilla = module + # Layer: apps # Module: irc # @@ -320,6 +369,13 @@ usernetctl = module # gpg = module +# Layer: apps +# Module: thunderbird +# +# Thunderbird email client +# +thunderbird = module + # Layer: apps # Module: wine # @@ -341,6 +397,20 @@ loadkeys = module # screen = module +# Layer: apps +# Module: calamaris +# +# Squid log analysis +# +calamaris = module + +# Layer: apps +# Module: tvtime +# +# tvtime - a high quality television application +# +tvtime = module + # Layer: apps # Module: java # @@ -348,6 +418,13 @@ screen = module # java = module +# Layer: apps +# Module: uml +# +# Policy for UML +# +uml = module + # Layer: apps # Module: cdrecord # @@ -355,6 +432,13 @@ java = module # cdrecord = module +# Layer: apps +# Module: mplayer +# +# Mplayer media player and encoder +# +mplayer = module + # Layer: apps # Module: webalizer # @@ -362,6 +446,13 @@ cdrecord = module # webalizer = module +# Layer: apps +# Module: ethereal +# +# Ethereal packet capture tool. +# +ethereal = module + # Layer: apps # Module: userhelper # @@ -369,6 +460,13 @@ webalizer = module # userhelper = module +# Layer: apps +# Module: games +# +# Games +# +games = module + # Layer: apps # Module: mono # 
@@ -383,19 +481,181 @@ mono = module # slocate = module -# Layer: kernel -# Module: bootloader +# Layer: system +# Module: xen # -# Policy for the kernel modules, kernel image, and bootloader. +# Xen hypervisor # -bootloader = module +xen = module -# Layer: kernel -# Module: storage +# Layer: system +# Module: fstools # -# Policy controlling access to storage devices +# Tools for filesystem management, such as mkfs and fsck. # -storage = module +fstools = base + +# Layer: system +# Module: logging +# +# Policy for the kernel message logger and system logging daemon. +# +logging = base + +# Layer: system +# Module: hostname +# +# Policy for changing the system host name. +# +hostname = module + +# Layer: system +# Module: daemontools +# +# Collection of tools for managing UNIX services +# +daemontools = module + +# Layer: system +# Module: getty +# +# Policy for getty. +# +getty = module + +# Layer: system +# Module: lvm +# +# Policy for logical volume management programs. +# +lvm = base + +# Layer: system +# Module: sysnetwork +# +# Policy for network configuration: ifconfig and dhcp client. +# +sysnetwork = base + +# Layer: system +# Module: init +# +# System initialization programs (init and init scripts). +# +init = base + +# Layer: system +# Module: selinuxutil +# +# Policy for SELinux policy and userland applications. +# +selinuxutil = base + +# Layer: system +# Module: udev +# +# Policy for udev. +# +udev = base + +# Layer: system +# Module: pcmcia +# +# PCMCIA card management services +# +pcmcia = module + +# Layer: system +# Module: authlogin +# +# Common policy for authentication and user login. +# +authlogin = base + +# Layer: system +# Module: libraries +# +# Policy for system libraries. 
+# +libraries = base + +# Layer: system +# Module: raid +# +# RAID array management tools +# +raid = module + +# Layer: system +# Module: userdomain +# +# Policy for user domains +# +userdomain = base + +# Layer: system +# Module: modutils +# +# Policy for kernel module utilities +# +modutils = base + +# Layer: system +# Module: hotplug +# +# Policy for hotplug system, for supporting the +# connection and disconnection of devices at runtime. +# +hotplug = base + +# Layer: system +# Module: clock +# +# Policy for reading and setting the hardware clock. +# +clock = base + +# Layer: system +# Module: locallogin +# +# Policy for local logins. +# +locallogin = base + +# Layer: system +# Module: iptables +# +# Policy for iptables. +# +iptables = module + +# Layer: system +# Module: mount +# +# Policy for mount. +# +mount = base + +# Layer: system +# Module: unconfined +# +# The unconfined domain. +# +unconfined = module + +# Layer: system +# Module: miscfiles +# +# Miscelaneous files. +# +miscfiles = base + +# Layer: system +# Module: ipsec +# +# TCP/IP encryption +# +ipsec = module # Layer: services # Module: nis @@ -411,6 +671,13 @@ nis = module # distcc = module +# Layer: services +# Module: tor +# +# TOR, the onion router +# +tor = module + # Layer: services # Module: rshd # @@ -432,6 +699,13 @@ cpucontrol = module # bind = module +# Layer: services +# Module: cipe +# +# Encrypted tunnel daemon +# +cipe = module + # Layer: services # Module: canna # @@ -623,6 +897,14 @@ arpwatch = module # dovecot = module +# Layer: services +# Module: amavis +# +# Daemon that interfaces mail transfer agents and content +# checkers, such as virus scanners. +# +amavis = module + # Layer: services # Module: cups # @@ -714,13 +996,6 @@ cyrus = module # rdisc = module -# Layer: services -# Module: xserver -# -# X windows login display manager -# -xserver = module - # Layer: services # Module: nscd # 
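Review bot: `unconfined = module` is carried into the rebuilt system-layer block unchanged, which keeps the unconfined domain in the strict module set. If nothing in the strict configuration depends on it, `unconfined = off` would be closer to what a strict policy is meant to enforce; if something does, a comment naming that dependency would help the next reader. The same block also re-adds the typo `# Miscelaneous files.`, which should be `# Miscellaneous files.`.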
@@ -756,12 +1031,26 @@ ftp = module # gpm = module +# Layer: services +# Module: audioentropy +# +# Generate entropy from audio input +# +audioentropy = module + # Layer: services # Module: mta # # Policy common to all email tranfer agents. # -mta = module +mta = base + +# Layer: services +# Module: rhgb +# +# Red Hat Graphical Boot +# +rhgb = module # Layer: services # Module: postfix @@ -833,6 +1122,13 @@ apache = module # slrnpull = module +# Layer: services +# Module: clamav +# +# ClamAV Virus Scanner +# +clamav = module + # Layer: services # Module: rsync # 
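Review bot: `rhgb = module` is added here, while the hunk at old line 714 deletes the `xserver = module` entry and no hunk in this patch adds it back. Red Hat Graphical Boot presumably starts an X server, so its policy is likely to need the xserver types. Unless xserver is still listed in a part of the file outside these hunks, the strict build may fail to link rhgb or may leave the X server without a policy of its own. Either restore the entry (`xserver = module`) or state in the file why it was dropped.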
@@ -966,186 +1262,3 @@ cvs = module # rlogin = module -# Layer: system -# Module: fstools -# -# Tools for filesystem management, such as mkfs and fsck. -# -fstools = module - -# Layer: system -# Module: logging -# -# Policy for the kernel message logger and system logging daemon. -# -logging = module - -# Layer: system -# Module: hostname -# -# Policy for changing the system host name. -# -hostname = module - -# Layer: system -# Module: daemontools -# -# Collection of tools for managing UNIX services -# -daemontools = module - -# Layer: system -# Module: getty -# -# Policy for getty. -# -getty = module - -# Layer: system -# Module: lvm -# -# Policy for logical volume management programs. -# -lvm = module - -# Layer: system -# Module: sysnetwork -# -# Policy for network configuration: ifconfig and dhcp client. -# -sysnetwork = module - -# Layer: system -# Module: init -# -# System initialization programs (init and init scripts). -# -init = module - -# Layer: system -# Module: selinuxutil -# -# Policy for SELinux policy and userland applications. -# -selinuxutil = module - -# Layer: system -# Module: udev -# -# Policy for udev. -# -udev = module - -# Layer: system -# Module: pcmcia -# -# PCMCIA card management services -# -pcmcia = module - -# Layer: system -# Module: authlogin -# -# Common policy for authentication and user login. -# -authlogin = base - -# Layer: system -# Module: libraries -# -# Policy for system libraries. -# -libraries = base - -# Layer: system -# Module: raid -# -# RAID array management tools -# -raid = module - -# Layer: system -# Module: userdomain -# -# Policy for user domains -# -userdomain = module - -# Layer: system -# Module: modutils -# -# Policy for kernel module utilities -# -modutils = module - -# Layer: system -# Module: hotplug -# -# Policy for hotplug system, for supporting the -# connection and disconnection of devices at runtime. 
-# -hotplug = module - -# Layer: system -# Module: clock -# -# Policy for reading and setting the hardware clock. -# -clock = module - -# Layer: system -# Module: locallogin -# -# Policy for local logins. -# -locallogin = module - -# Layer: system -# Module: iptables -# -# Policy for iptables. -# -iptables = module - -# Layer: system -# Module: mount -# -# Policy for mount. -# -mount = module - -# Layer: system -# Module: unconfined -# -# The unconfined domain. -# -unconfined = module - -# Layer: system -# Module: miscfiles -# -# Miscelaneous files. -# -miscfiles = module - -# Layer: system -# Module: ipsec -# -# TCP/IP encryption -# -ipsec = module - -# Layer: admin -# Module: mrtg -# -# System log analyzer and reporter -# -mrtg = module - -# Layer: system -# Module: xen -# -# TCP/IP encryption -# -xen = base - diff --git a/selinux-policy.spec b/selinux-policy.spec index 612eb0bb..e02ea8be 100644 --- a/selinux-policy.spec +++ b/selinux-policy.spec @@ -184,6 +184,7 @@ chmod +x ${RPM_BUILD_ROOT}%{_usr}/share/selinux/devel/policyhelp # Commented out because only targeted ref policy currently builds make NAME=strict TYPE=strict-mcs DISTRO=%{distro} DIRECT_INITRC=y MONOLITHIC=%{monolithic} POLY=n bare make NAME=strict TYPE=strict-mcs DISTRO=%{distro} DIRECT_INITRC=y MONOLITHIC=%{monolithic} POLY=n conf +cp -f ${RPM_SOURCE_DIR}/modules-strict.conf ./policy/modules.conf %installCmds strict strict-mcs y n %endif
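Review bot: The added `cp -f ${RPM_SOURCE_DIR}/modules-strict.conf ./policy/modules.conf` overwrites the modules.conf that the `make ... conf` line just above it generates. A module that exists in the upstream tree but is missing from the static list (xserver, after this patch) therefore appears to drop out of the strict build with no warning. Consider a build-time check that compares the generated module list with the static one and fails on a difference. The expansion should also be quoted: `cp -f "${RPM_SOURCE_DIR}/modules-strict.conf" ./policy/modules.conf`. The enclosing `%if` block starts outside this hunk, so I cannot tell whether the context comment about this section being commented out still applies.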