From 9439a25899246008ffb6a7348a61948737e0e29c Mon Sep 17 00:00:00 2001 From: Chris PeBenito Date: Fri, 26 Aug 2005 13:30:59 +0000 Subject: [PATCH] update config, switch most to module --- .../policy/modules.conf.targeted_example | 191 +++++++++++++----- 1 file changed, 139 insertions(+), 52 deletions(-) diff --git a/refpolicy/policy/modules.conf.targeted_example b/refpolicy/policy/modules.conf.targeted_example index c0fbd0a5..d0e0825b 100644 --- a/refpolicy/policy/modules.conf.targeted_example +++ b/refpolicy/policy/modules.conf.targeted_example @@ -11,6 +11,14 @@ # as individual loadable modules. # +# Layer: kernel +# Module: devices +# Required in base +# +# Device nodes and interfaces for many basic system devices. +# +devices = base + # Layer: kernel # Module: filesystem # Required in base @@ -27,6 +35,14 @@ filesystem = base # selinux = base +# Layer: kernel +# Module: terminal +# Required in base +# +# Policy for terminals. +# +terminal = base + # Layer: kernel # Module: kernel # Required in base @@ -64,7 +80,7 @@ domain = base # # Policy for managing user accounts. # -usermanage = base +usermanage = module # Layer: admin # Module: rpm @@ -78,7 +94,7 @@ rpm = off # # Policy for dmesg. # -dmesg = base +dmesg = module # Layer: admin # Module: logrotate @@ -92,35 +108,35 @@ logrotate = off # # Determine of the console connected to the controlling terminal. # -consoletype = base +consoletype = module # Layer: admin # Module: netutils # # Network analysis utilities # -netutils = base +netutils = module # Layer: admin # Module: acct # # Berkeley process accounting # -acct = base +acct = module # Layer: admin # Module: tmpreaper # # Manage temporary directory sizes and file ages # -tmpreaper = base +tmpreaper = module # Layer: admin # Module: updfstab # # Red Hat utility to change /etc/fstab. # -updfstab = base +updfstab = module # Layer: admin # Module: su @@ -129,6 +145,28 @@ updfstab = base # su = off +# Layer: admin +# Module: sudo +# +# Execute a command with a substitute user +# +sudo = module + +# Layer: admin +# Module: quota +# +# File system quota management +# +quota = module + +# Layer: admin +# Module: firstboot +# +# Final system configuration run during the first boot +# after installation of Red Hat/Fedora systems. +# +firstboot = module + # Layer: apps # Module: gpg # @@ -136,54 +174,47 @@ su = off # gpg = off -# Layer: kernel -# Module: devices +# Layer: apps +# Module: loadkeys # -# Device nodes and interfaces for many basic system devices. +# Load keyboard mappings. # -devices = base +loadkeys = module # Layer: kernel # Module: bootloader # # Policy for the kernel modules, kernel image, and bootloader. # -bootloader = base +bootloader = module # Layer: kernel # Module: storage # # Policy controlling access to storage devices # -storage = base - -# Layer: kernel -# Module: terminal -# -# Policy for terminals. -# -terminal = base +storage = module # Layer: services # Module: remotelogin # # Policy for rshd, rlogind, and telnetd. # -remotelogin = base +remotelogin = module # Layer: services # Module: nscd # # Name service cache daemon # -nscd = base +nscd = module # Layer: services # Module: nis # # Policy for NIS (YP) servers and clients # -nis = base +nis = module # Layer: services # Module: sendmail @@ -204,126 +235,182 @@ ssh = off # # Periodic execution of scheduled commands. # -cron = base +cron = module # Layer: services # Module: inetd # # Internet services daemon. # -inetd = base +inetd = module # Layer: services # Module: kerberos # # MIT Kerberos admin and KDC # -kerberos = base +kerberos = module # Layer: services # Module: mta # # Policy common to all email tranfer agents. # -mta = base +mta = module # Layer: services # Module: mysql # # Policy for MySQL # -mysql = base +mysql = module + +# Layer: services +# Module: tcpd +# +# Policy for TCP daemon. +# +tcpd = module + +# Layer: services +# Module: rshd +# +# Remote shell service. +# +rshd = module + +# Layer: services +# Module: ldap +# +# OpenLDAP directory server +# +ldap = module + +# Layer: services +# Module: gpm +# +# General Purpose Mouse driver +# +gpm = module + +# Layer: services +# Module: howl +# +# Port of Apple Rendezvous multicast DNS +# +howl = module + +# Layer: services +# Module: rsync +# +# Fast incremental file transfer for synchronization +# +rsync = module + +# Layer: services +# Module: privoxy +# +# Privacy enhancing web proxy. +# +privoxy = module + +# Layer: services +# Module: bind +# +# Berkeley internet name domain DNS server. +# +bind = module # Layer: system # Module: unconfined # # The unconfined domain. # -unconfined = base +unconfined = module # Layer: system # Module: authlogin # # Common policy for authentication and user login. # -authlogin = base +authlogin = module # Layer: system # Module: selinuxutil # # Policy for SELinux policy and userland applications. # -selinuxutil = base +selinuxutil = module # Layer: system # Module: getty # # Policy for getty. # -getty = base +getty = module # Layer: system # Module: mount # # Policy for mount. # -mount = base +mount = module # Layer: system # Module: ipsec # # TCP/IP encryption # -ipsec = base +ipsec = module # Layer: system # Module: locallogin # # Policy for local logins. # -locallogin = base +locallogin = module # Layer: system # Module: logging # # Policy for the kernel message logger and system logging daemon. # -logging = base +logging = module # Layer: system # Module: sysnetwork # # Policy for network configuration: ifconfig and dhcp client. # -sysnetwork = base +sysnetwork = module # Layer: system # Module: fstools # # Tools for filesystem management, such as mkfs and fsck. # -fstools = base +fstools = module # Layer: system # Module: pcmcia # # PCMCIA card management services # -pcmcia = base +pcmcia = module # Layer: system # Module: iptables # # Policy for iptables. # -iptables = base +iptables = module # Layer: system # Module: userdomain # # Policy for user domains # -userdomain = base +userdomain = module # Layer: system # Module: corecommands @@ -331,7 +418,7 @@ userdomain = base # Core policy for shells, and generic programs # in /bin, /sbin, /usr/bin, and /usr/sbin. # -corecommands = base +corecommands = module # Layer: system # Module: hotplug @@ -339,68 +426,68 @@ corecommands = base # Policy for hotplug system, for supporting the # connection and disconnection of devices at runtime. # -hotplug = base +hotplug = module # Layer: system # Module: clock # # Policy for reading and setting the hardware clock. # -clock = base +clock = module # Layer: system # Module: lvm # # Policy for logical volume management programs. # -lvm = base +lvm = module # Layer: system # Module: modutils # # Policy for kernel module utilities # -modutils = base +modutils = module # Layer: system # Module: init # # System initialization programs (init and init scripts). # -init = base +init = module # Layer: system # Module: udev # # Policy for udev. # -udev = base +udev = module # Layer: system # Module: hostname # # Policy for changing the system host name. # -hostname = base +hostname = module # Layer: system # Module: raid # # RAID array management tools # -raid = base +raid = module # Layer: system # Module: libraries # # Policy for system libraries. # -libraries = base +libraries = module # Layer: system # Module: miscfiles # # Miscelaneous files. # -miscfiles = base +miscfiles = module