Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.
This commit is contained in:
Dominick Grift 2010-09-22 11:21:30 +02:00
parent 9c7f2af2ed
commit 9a0f7994cb
10 changed files with 46 additions and 44 deletions

View File

@ -6,10 +6,10 @@ policy_module(abrt, 1.1.1)
#
## <desc>
## <p>
## Allow ABRT to modify public files
## used for public file transfer services.
## </p>
## <p>
## Allow ABRT to modify public files
## used for public file transfer services.
## </p>
## </desc>
gen_tunable(abrt_anon_write, false)
@ -154,7 +154,7 @@ userdom_dontaudit_read_user_home_content_files(abrt_t)
userdom_dontaudit_read_admin_home_files(abrt_t)
tunable_policy(`abrt_anon_write',`
miscfiles_manage_public_files(abrt_t)
miscfiles_manage_public_files(abrt_t)
')
optional_policy(`
@ -175,7 +175,7 @@ optional_policy(`
')
optional_policy(`
policykit_dbus_chat(abrt_t)
policykit_dbus_chat(abrt_t)
policykit_domtrans_auth(abrt_t)
policykit_read_lib(abrt_t)
policykit_read_reload(abrt_t)
@ -214,7 +214,7 @@ optional_policy(`
########################################
#
# abrt--helper local policy
# abrt-helper local policy
#
allow abrt_helper_t self:capability { chown setgid sys_nice };
@ -248,13 +248,15 @@ miscfiles_read_localization(abrt_helper_t)
term_dontaudit_use_all_ttys(abrt_helper_t)
term_dontaudit_use_all_ptys(abrt_helper_t)
ifdef(`hide_broken_symptoms', `
ifdef(`hide_broken_symptoms',`
domain_dontaudit_leaks(abrt_helper_t)
userdom_dontaudit_read_user_home_content_files(abrt_helper_t)
userdom_dontaudit_read_user_tmp_files(abrt_helper_t)
optional_policy(`
rpm_dontaudit_leaks(abrt_helper_t)
')
dev_dontaudit_read_all_blk_files(abrt_helper_t)
dev_dontaudit_read_all_chr_files(abrt_helper_t)
dev_dontaudit_write_all_chr_files(abrt_helper_t)
@ -262,13 +264,12 @@ ifdef(`hide_broken_symptoms', `
fs_dontaudit_rw_anon_inodefs_files(abrt_helper_t)
')
ifdef(`hide_broken_symptoms', `
ifdef(`hide_broken_symptoms',`
gen_require(`
attribute domain;
attribute domain;
')
allow abrt_t self:capability sys_resource;
allow abrt_t self:capability sys_resource;
allow abrt_t domain:file write;
allow abrt_t domain:process setrlimit;
')

View File

@ -82,7 +82,7 @@ files_var_filetrans(afs_t, afs_cache_t, { file dir })
kernel_rw_afs_state(afs_t)
ifdef(`hide_broken_symptoms', `
ifdef(`hide_broken_symptoms',`
kernel_rw_unlabeled_files(afs_t)
')

View File

@ -35,8 +35,8 @@ allow aiccu_t self:unix_stream_socket create_stream_socket_perms;
allow aiccu_t aiccu_etc_t:file read_file_perms;
manage_dirs_pattern(aiccu_t, aiccu_var_run_t, aiccu_var_run_t)
manage_files_pattern(aiccu_t, aiccu_var_run_t, aiccu_var_run_t)
manage_dirs_pattern(aiccu_t, aiccu_var_run_t, aiccu_var_run_t)
manage_files_pattern(aiccu_t, aiccu_var_run_t, aiccu_var_run_t)
files_pid_filetrans(aiccu_t, aiccu_var_run_t, { file dir })
kernel_read_system_state(aiccu_t)

View File

@ -1,4 +1,4 @@
policy_module(ajaxterm,1.0.0)
policy_module(ajaxterm, 1.0.0)
########################################
#

View File

@ -4,6 +4,7 @@ policy_module(apm, 1.11.0)
#
# Declarations
#
type apmd_t;
type apmd_exec_t;
init_daemon_domain(apmd_t, apmd_exec_t)

View File

@ -6,10 +6,10 @@ policy_module(bind, 1.11.0)
#
## <desc>
## <p>
## Allow BIND to write the master zone files.
## Generally this is used for dynamic DNS or zone transfers.
## </p>
## <p>
## Allow BIND to write the master zone files.
## Generally this is used for dynamic DNS or zone transfers.
## </p>
## </desc>
gen_tunable(named_write_master_zones, false)

View File

@ -4,6 +4,7 @@ policy_module(bluetooth, 3.3.0)
#
# Declarations
#
type bluetooth_t;
type bluetooth_exec_t;
init_daemon_domain(bluetooth_t, bluetooth_exec_t)

View File

@ -1,4 +1,4 @@
policy_module(boinc,1.0.0)
policy_module(boinc, 1.0.0)
########################################
#
@ -52,15 +52,15 @@ manage_files_pattern(boinc_t, boinc_tmp_t, boinc_tmp_t)
files_tmp_filetrans(boinc_t, boinc_tmp_t, { dir file })
manage_files_pattern(boinc_t, boinc_tmpfs_t, boinc_tmpfs_t)
fs_tmpfs_filetrans(boinc_t, boinc_tmpfs_t,file)
fs_tmpfs_filetrans(boinc_t, boinc_tmpfs_t, file)
exec_files_pattern(boinc_t, boinc_var_lib_t, boinc_var_lib_t)
manage_dirs_pattern(boinc_t, boinc_var_lib_t, boinc_var_lib_t)
manage_files_pattern(boinc_t, boinc_var_lib_t, boinc_var_lib_t)
exec_files_pattern(boinc_t, boinc_var_lib_t, boinc_var_lib_t)
manage_dirs_pattern(boinc_t, boinc_var_lib_t, boinc_var_lib_t)
manage_files_pattern(boinc_t, boinc_var_lib_t, boinc_var_lib_t)
filetrans_pattern(boinc_t, boinc_var_lib_t, boinc_project_var_lib_t, { dir })
manage_dirs_pattern(boinc_t, boinc_project_var_lib_t, boinc_project_var_lib_t)
manage_files_pattern(boinc_t, boinc_project_var_lib_t, boinc_project_var_lib_t)
manage_dirs_pattern(boinc_t, boinc_project_var_lib_t, boinc_project_var_lib_t)
manage_files_pattern(boinc_t, boinc_project_var_lib_t, boinc_project_var_lib_t)
kernel_read_system_state(boinc_t)
@ -128,9 +128,9 @@ manage_files_pattern(boinc_project_t, boinc_project_tmp_t, boinc_project_tmp_t)
files_tmp_filetrans(boinc_project_t, boinc_project_tmp_t, { dir file })
allow boinc_project_t boinc_project_var_lib_t:file entrypoint;
exec_files_pattern(boinc_project_t, boinc_project_var_lib_t, boinc_project_var_lib_t)
manage_dirs_pattern(boinc_project_t, boinc_project_var_lib_t, boinc_project_var_lib_t)
manage_files_pattern(boinc_project_t, boinc_project_var_lib_t, boinc_project_var_lib_t)
exec_files_pattern(boinc_project_t, boinc_project_var_lib_t, boinc_project_var_lib_t)
manage_dirs_pattern(boinc_project_t, boinc_project_var_lib_t, boinc_project_var_lib_t)
manage_files_pattern(boinc_project_t, boinc_project_var_lib_t, boinc_project_var_lib_t)
files_var_lib_filetrans(boinc_project_t, boinc_project_var_lib_t, { file dir })
allow boinc_project_t boinc_project_var_lib_t:file execmod;
@ -162,5 +162,5 @@ miscfiles_read_fonts(boinc_project_t)
miscfiles_read_localization(boinc_project_t)
optional_policy(`
java_exec(boinc_project_t)
java_exec(boinc_project_t)
')

View File

@ -53,4 +53,3 @@ optional_policy(`
optional_policy(`
postgresql_stream_connect(httpd_bugzilla_script_t)
')

View File

@ -17,7 +17,7 @@
# cache, on behalf of the processes accessing the cache through a network
# filesystem such as NFS
#
policy_module(cachefilesd,1.0.17)
policy_module(cachefilesd, 1.0.17)
###############################################################################
#
@ -78,7 +78,7 @@ rpm_use_script_fds(cachefilesd_t)
# Check in /usr/share/selinux/devel/include/ for macros to use instead of allow
# rules.
#
allow cachefilesd_t self : capability { setuid setgid sys_admin dac_override };
allow cachefilesd_t self:capability { setuid setgid sys_admin dac_override };
# Basic access
files_read_etc_files(cachefilesd_t)
@ -92,18 +92,18 @@ term_dontaudit_getattr_unallocated_ttys(cachefilesd_t)
# Allow manipulation of pid file
allow cachefilesd_t cachefilesd_var_run_t:file create_file_perms;
manage_files_pattern(cachefilesd_t,cachefilesd_var_run_t, cachefilesd_var_run_t)
manage_dirs_pattern(cachefilesd_t,cachefilesd_var_run_t, cachefilesd_var_run_t)
manage_files_pattern(cachefilesd_t, cachefilesd_var_run_t, cachefilesd_var_run_t)
manage_dirs_pattern(cachefilesd_t, cachefilesd_var_run_t, cachefilesd_var_run_t)
files_pid_file(cachefilesd_var_run_t)
files_pid_filetrans(cachefilesd_t,cachefilesd_var_run_t,file)
files_pid_filetrans(cachefilesd_t, cachefilesd_var_run_t, file)
files_create_as_is_all_files(cachefilesd_t)
# Allow access to cachefiles device file
allow cachefilesd_t cachefiles_dev_t : chr_file rw_file_perms;
allow cachefilesd_t cachefiles_dev_t:chr_file rw_file_perms;
# Allow access to cache superstructure
allow cachefilesd_t cachefiles_var_t : dir { rw_dir_perms rmdir };
allow cachefilesd_t cachefiles_var_t : file { getattr rename unlink };
allow cachefilesd_t cachefiles_var_t:dir { rw_dir_perms rmdir };
allow cachefilesd_t cachefiles_var_t:file { getattr rename unlink };
# Permit statfs on the backing filesystem
fs_getattr_xattr_fs(cachefilesd_t)
@ -119,14 +119,14 @@ fs_getattr_xattr_fs(cachefilesd_t)
# (1) the security context used by the module to access files in the cache,
# as set by the 'secctx' command in /etc/cachefilesd.conf, and
#
allow cachefilesd_t cachefiles_kernel_t : kernel_service { use_as_override };
allow cachefilesd_t cachefiles_kernel_t:kernel_service { use_as_override };
#
# (2) the label that will be assigned to new files and directories created in
# the cache by the module, which will be the same as the label on the
# directory pointed to by the 'dir' command.
#
allow cachefilesd_t cachefiles_var_t : kernel_service { create_files_as };
allow cachefilesd_t cachefiles_var_t:kernel_service { create_files_as };
###############################################################################
#
@ -138,8 +138,8 @@ allow cachefilesd_t cachefiles_var_t : kernel_service { create_files_as };
allow cachefiles_kernel_t self:capability { dac_override dac_read_search };
allow cachefiles_kernel_t initrc_t:process sigchld;
manage_dirs_pattern(cachefiles_kernel_t,cachefiles_var_t, cachefiles_var_t)
manage_files_pattern(cachefiles_kernel_t,cachefiles_var_t, cachefiles_var_t)
manage_dirs_pattern(cachefiles_kernel_t, cachefiles_var_t, cachefiles_var_t)
manage_files_pattern(cachefiles_kernel_t, cachefiles_var_t, cachefiles_var_t)
fs_getattr_xattr_fs(cachefiles_kernel_t)