From a3754ffe12fade14cca5260263f66d9de1cb1373 Mon Sep 17 00:00:00 2001
From: Chris PeBenito
Date: Mon, 24 Oct 2005 16:01:26 +0000
Subject: [PATCH] add configuration for testing
---
 refpolicy/Makefile | 6 +-
 refpolicy/policy/modules.conf | 861 ++++++++++++++++++++++++++++++++++
 2 files changed, 864 insertions(+), 3 deletions(-)
 create mode 100644 refpolicy/policy/modules.conf

diff --git a/refpolicy/Makefile b/refpolicy/Makefile
index 967dac22..6f3ac9f5 100644
--- a/refpolicy/Makefile
+++ b/refpolicy/Makefile
@@ -30,7 +30,7 @@
 # strict, targeted,
 # strict-mls, targeted-mls,
 # strict-mcs, targeted-mcs
-TYPE = strict
+TYPE = targeted-mcs
 
 # Policy Name
 # If set, this will be used as the policy
@@ -45,7 +45,7 @@ NAME = refpolicy
 # for the distribution.
 # redhat, gentoo, debian, and suse are current options.
 # Fedora users should enable redhat.
-#DISTRO = redhat
+DISTRO = redhat
 
 # Direct admin init
 # Setting this will allow sysadm to directly
@@ -53,7 +53,7 @@ NAME = refpolicy
 # This is a build option, as role transitions do
 # not work in conditional policy.
 # This option will be impled as y for redhat policies.
-DIRECT_INITRC=n
+DIRECT_INITRC=y
 
 # Build monolithic policy. Putting n here
 # will build a loadable module policy.
diff --git a/refpolicy/policy/modules.conf b/refpolicy/policy/modules.conf
new file mode 100644
index 00000000..c5e97df1
--- /dev/null
+++ b/refpolicy/policy/modules.conf
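Review bot: Test-only settings are committed here as the tree's default build options, in all three Makefile hunks: `TYPE = targeted-mcs` (was `strict`), `DISTRO = redhat` and `DIRECT_INITRC=y`. Anyone who builds from this tree without overriding them now gets the targeted policy, which as far as I know confines only selected services, plus the direct-init option whose comment says it lets sysadm act directly (that comment continues outside the hunk). If this is only for testing, I would leave the defaults alone and pass the values on the command line, `make TYPE=targeted-mcs DISTRO=redhat DIRECT_INITRC=y`. If the defaults are meant to change, a comment above `TYPE` such as `# NOTE: default switched from strict for testing` would make that visible. The context comment also says DIRECT_INITRC is implied as y for redhat policies, so the third change looks redundant next to `DISTRO = redhat`.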
@@ -0,0 +1,861 @@
+#
+# This file contains a listing of available modules.
+# To prevent a module from being used in policy
+# creation, set the module name to "off".
+#
+# For monolithic policies, modules set to "base" and "module"
+# will be built into the policy.
+#
+# For modular policies, modules set to "base" will be
+# included in the base module. "module" will be compiled
+# as individual loadable modules.
+#
+
+# Layer: kernel
+# Module: devices
+# Required in base
+#
+# Device nodes and interfaces for many basic system devices.
+#
+devices = base
+
+# Layer: kernel
+# Module: filesystem
+# Required in base
+#
+# Policy for filesystems.
+#
+filesystem = base
+
+# Layer: kernel
+# Module: selinux
+# Required in base
+#
+# Policy for kernel security interface, in particular, selinuxfs.
+#
+selinux = base
+
+# Layer: kernel
+# Module: mls
+# Required in base
+#
+# Multilevel security policy
+#
+mls = base
+
+# Layer: kernel
+# Module: terminal
+# Required in base
+#
+# Policy for terminals.
+#
+terminal = base
+
+# Layer: kernel
+# Module: kernel
+# Required in base
+#
+# Policy for kernel threads, proc filesystem,and unlabeled processes and objects.
+#
+kernel = base
+
+# Layer: kernel
+# Module: corenetwork
+# Required in base
+#
+# Policy controlling access to network objects
+#
+corenetwork = base
+
+# Layer: system
+# Module: corecommands
+# Required in base
+#
+# Core policy for shells, and generic programs
+# in /bin, /sbin, /usr/bin, and /usr/sbin.
+#
+corecommands = base
+
+# Layer: system
+# Module: files
+# Required in base
+#
+# Basic filesystem types and interfaces.
+#
+files = base
+
+# Layer: system
+# Module: domain
+# Required in base
+#
+# Core policy for domains.
+#
+domain = base
+
+# Layer: admin
+# Module: usermanage
+#
+# Policy for managing user accounts.
+#
+usermanage = base
+
+# Layer: admin
+# Module: rpm
+#
+# Policy for the RPM package manager.
+#
+rpm = base
+
+# Layer: admin
+# Module: tmpreaper
+#
+# Manage temporary directory sizes and file ages
+#
+tmpreaper = base
+
+# Layer: admin
+# Module: kudzu
+#
+# Hardware detection and configuration tools
+#
+kudzu = base
+
+# Layer: admin
+# Module: anaconda
+#
+# Policy for the Anaconda installer.
+#
+anaconda = off
+
+# Layer: admin
+# Module: netutils
+#
+# Network analysis utilities
+#
+netutils = base
+
+# Layer: admin
+# Module: acct
+#
+# Berkeley process accounting
+#
+acct = base
+
+# Layer: admin
+# Module: sudo
+#
+# Execute a command with a substitute user
+#
+sudo = off
+
+# Layer: admin
+# Module: firstboot
+#
+# Final system configuration run during the first boot
+# after installation of Red Hat/Fedora systems.
+#
+firstboot = base
+
+# Layer: admin
+# Module: su
+#
+# Run shells with substitute user and group
+#
+su = base
+
+# Layer: admin
+# Module: quota
+#
+# File system quota management
+#
+quota = base
+
+# Layer: admin
+# Module: dmesg
+#
+# Policy for dmesg.
+#
+dmesg = base
+
+# Layer: admin
+# Module: logrotate
+#
+# Rotate and archive system logs
+#
+logrotate = base
+
+# Layer: admin
+# Module: vpn
+#
+# Virtual Private Networking client
+#
+vpn = base
+
+# Layer: admin
+# Module: consoletype
+#
+# Determine of the console connected to the controlling terminal.
+#
+consoletype = base
+
+# Layer: admin
+# Module: updfstab
+#
+# Red Hat utility to change /etc/fstab.
+#
+updfstab = base
+
+# Layer: admin
+# Module: dmidecode
+#
+# Decode DMI data for x86/ia64 bioses.
+#
+dmidecode = base
+
+# Layer: admin
+# Module: amanda
+#
+# Automated backup program.
+#
+amanda = base
+
+# Layer: apps
+# Module: webalizer
+#
+# Web server log analysis
+#
+webalizer = module
+
+# Layer: apps
+# Module: loadkeys
+#
+# Load keyboard mappings.
+#
+loadkeys = off
+
+# Layer: apps
+# Module: gpg
+#
+# Policy for GNU Privacy Guard and related programs.
+#
+gpg = off
+
+# Layer: kernel
+# Module: bootloader
+#
+# Policy for the kernel modules, kernel image, and bootloader.
+#
+bootloader = base
+
+# Layer: kernel
+# Module: storage
+#
+# Policy controlling access to storage devices
+#
+storage = base
+
+# Layer: services
+# Module: portmap
+#
+# RPC port mapping service.
+#
+portmap = module
+
+# Layer: services
+# Module: apm
+#
+# Advanced power management daemon
+#
+apm = base
+
+# Layer: services
+# Module: remotelogin
+#
+# Policy for rshd, rlogind, and telnetd.
+#
+remotelogin = base
+
+# Layer: services
+# Module: rlogin
+#
+# Remote login daemon
+#
+rlogin = base
+
+# Layer: services
+# Module: postfix
+#
+# Postfix email server
+#
+postfix = base
+
+# Layer: services
+# Module: cyrus
+#
+# Cyrus is an IMAP service intended to be run on sealed servers
+#
+cyrus = base
+
+# Layer: services
+# Module: rsync
+#
+# Fast incremental file transfer for synchronization
+#
+rsync = base
+
+# Layer: services
+# Module: ktalk
+#
+# KDE Talk daemon
+#
+ktalk = base
+
+# Layer: services
+# Module: finger
+#
+# Finger user information service.
+#
+finger = base
+
+# Layer: services
+# Module: cron
+#
+# Periodic execution of scheduled commands.
+#
+cron = base
+
+# Layer: services
+# Module: tftp
+#
+# Trivial file transfer protocol daemon
+#
+tftp = base
+
+# Layer: services
+# Module: canna
+#
+# Canna - kana-kanji conversion server
+#
+canna = base
+
+# Layer: services
+# Module: gpm
+#
+# General Purpose Mouse driver
+#
+gpm = off
+
+# Layer: services
+# Module: nscd
+#
+# Name service cache daemon
+#
+nscd = base
+
+# Layer: services
+# Module: sendmail
+#
+# Policy for sendmail.
+#
+sendmail = off
+
+# Layer: services
+# Module: stunnel
+#
+# SSL Tunneling Proxy
+#
+stunnel = base
+
+# Layer: services
+# Module: dbus
+#
+# Desktop messaging bus
+#
+dbus = base
+
+# Layer: services
+# Module: ftp
+#
+# File transfer protocol service
+#
+ftp = base
+
+# Layer: services
+# Module: dbskk
+#
+# Dictionary server for the SKK Japanese input method system.
+#
+dbskk = base
+
+# Layer: services
+# Module: tcpd
+#
+# Policy for TCP daemon.
+#
+tcpd = base
+
+# Layer: services
+# Module: radvd
+#
+# IPv6 router advertisement daemon
+#
+radvd = base
+
+# Layer: services
+# Module: rshd
+#
+# Remote shell service.
+#
+rshd = base
+
+# Layer: services
+# Module: sasl
+#
+# SASL authentication server
+#
+sasl = base
+
+# Layer: services
+# Module: postgresql
+#
+# PostgreSQL relational database
+#
+postgresql = module
+
+# Layer: services
+# Module: ntp
+#
+# Network time protocol daemon
+#
+ntp = base
+
+# Layer: services
+# Module: ldap
+#
+# OpenLDAP directory server
+#
+ldap = module
+
+# Layer: services
+# Module: inetd
+#
+# Internet services daemon.
+#
+inetd = base
+
+# Layer: services
+# Module: apache
+#
+# Apache web server
+#
+apache = module
+
+# Layer: services
+# Module: squid
+#
+# Squid caching http proxy server
+#
+squid = module
+
+# Layer: services
+# Module: howl
+#
+# Port of Apple Rendezvous multicast DNS
+#
+howl = base
+
+# Layer: services
+# Module: dictd
+#
+# Dictionary daemon
+#
+dictd = base
+
+# Layer: services
+# Module: kerberos
+#
+# MIT Kerberos admin and KDC
+#
+kerberos = base
+
+# Layer: services
+# Module: radius
+#
+# RADIUS authentication and accounting server.
+#
+radius = base
+
+# Layer: services
+# Module: uucp
+#
+# Unix to Unix Copy
+#
+uucp = base
+
+# Layer: services
+# Module: nis
+#
+# Policy for NIS (YP) servers and clients
+#
+nis = base
+
+# Layer: services
+# Module: dhcp
+#
+# Dynamic host configuration protocol (DHCP) server
+#
+dhcp = module
+
+# Layer: services
+# Module: samba
+#
+# SMB and CIFS client/server programs for UNIX and
+# name Service Switch daemon for resolving names
+# from Windows NT servers.
+#
+samba = module
+
+# Layer: services
+# Module: telnet
+#
+# Telnet daemon
+#
+telnet = off
+
+# Layer: services
+# Module: inn
+#
+# Internet News NNTP server
+#
+inn = base
+
+# Layer: services
+# Module: ssh
+#
+# Secure shell client and server policy.
+#
+ssh = off
+
+# Layer: services
+# Module: networkmanager
+#
+# Manager for dynamically switching between networks.
+#
+networkmanager = base
+
+# Layer: services
+# Module: xdm
+#
+# X windows login display manager
+#
+xdm = base
+
+# Layer: services
+# Module: arpwatch
+#
+# Ethernet activity monitor.
+#
+arpwatch = base
+
+# Layer: services
+# Module: distcc
+#
+# Distributed compiler daemon
+#
+distcc = off
+
+# Layer: services
+# Module: mta
+#
+# Policy common to all email tranfer agents.
+#
+mta = base
+
+# Layer: services
+# Module: zebra
+#
+# Zebra border gateway protocol network routing service
+#
+zebra = base
+
+# Layer: services
+# Module: hal
+#
+# Hardware abstraction layer
+#
+hal = base
+
+# Layer: services
+# Module: cpucontrol
+#
+# Services for loading CPU microcode and CPU frequency scaling.
+#
+cpucontrol = base
+
+# Layer: services
+# Module: mysql
+#
+# Policy for MySQL
+#
+mysql = module
+
+# Layer: services
+# Module: cups
+#
+# Common UNIX printing system
+#
+cups = base
+
+# Layer: services
+# Module: bind
+#
+# Berkeley internet name domain DNS server.
+#
+bind = module
+
+# Layer: services
+# Module: snmp
+#
+# Simple network management protocol services
+#
+snmp = module
+
+# Layer: services
+# Module: spamassassin
+#
+# Filter used for removing unsolicited email.
+#
+spamassassin = base
+
+# Layer: services
+# Module: mailman
+#
+# Mailman is for managing electronic mail discussion and e-newsletter lists
+#
+mailman = module
+
+# Layer: services
+# Module: lpd
+#
+# Line printer daemon
+#
+lpd = base
+
+# Layer: services
+# Module: privoxy
+#
+# Privacy enhancing web proxy.
+#
+privoxy = base
+
+# Layer: services
+# Module: comsat
+#
+# Comsat, a biff server.
+#
+comsat = base
+
+# Layer: services
+# Module: cvs
+#
+# Concurrent versions system
+#
+cvs = base
+
+# Layer: services
+# Module: ppp
+#
+# Point to Point Protocol daemon creates links in ppp networks
+#
+ppp = base
+
+# Layer: services
+# Module: dovecot
+#
+# Dovecot POP and IMAP mail server
+#
+dovecot = base
+
+# Layer: services
+# Module: bluetooth
+#
+# Bluetooth tools and system services.
+#
+bluetooth = base
+
+# Layer: services
+# Module: pegasus
+#
+# The Open Group Pegasus CIM/WBEM Server.
+#
+pegasus = base
+
+# Layer: services
+# Module: rpc
+#
+# Remote Procedure Call Daemon for managment of network based process communication
+#
+rpc = base
+
+# Layer: system
+# Module: unconfined
+#
+# The unconfined domain.
+#
+unconfined = base
+
+# Layer: system
+# Module: authlogin
+#
+# Common policy for authentication and user login.
+#
+authlogin = base
+
+# Layer: system
+# Module: selinuxutil
+#
+# Policy for SELinux policy and userland applications.
+#
+selinuxutil = base
+
+# Layer: system
+# Module: getty
+#
+# Policy for getty.
+#
+getty = base
+
+# Layer: system
+# Module: mount
+#
+# Policy for mount.
+#
+mount = base
+
+# Layer: system
+# Module: ipsec
+#
+# TCP/IP encryption
+#
+ipsec = base
+
+# Layer: system
+# Module: locallogin
+#
+# Policy for local logins.
+#
+locallogin = base
+
+# Layer: system
+# Module: logging
+#
+# Policy for the kernel message logger and system logging daemon.
+#
+logging = base
+
+# Layer: system
+# Module: sysnetwork
+#
+# Policy for network configuration: ifconfig and dhcp client.
+#
+sysnetwork = base
+
+# Layer: system
+# Module: fstools
+#
+# Tools for filesystem management, such as mkfs and fsck.
+#
+fstools = base
+
+# Layer: system
+# Module: pcmcia
+#
+# PCMCIA card management services
+#
+pcmcia = base
+
+# Layer: system
+# Module: iptables
+#
+# Policy for iptables.
+#
+iptables = base
+
+# Layer: system
+# Module: userdomain
+#
+# Policy for user domains
+#
+userdomain = base
+
+# Layer: system
+# Module: hotplug
+#
+# Policy for hotplug system, for supporting the
+# connection and disconnection of devices at runtime.
+#
+hotplug = base
+
+# Layer: system
+# Module: clock
+#
+# Policy for reading and setting the hardware clock.
+#
+clock = base
+
+# Layer: system
+# Module: lvm
+#
+# Policy for logical volume management programs.
+#
+lvm = base
+
+# Layer: system
+# Module: modutils
+#
+# Policy for kernel module utilities
+#
+modutils = base
+
+# Layer: system
+# Module: init
+#
+# System initialization programs (init and init scripts).
+#
+init = base
+
+# Layer: system
+# Module: udev
+#
+# Policy for udev.
+#
+udev = base
+
+# Layer: system
+# Module: hostname
+#
+# Policy for changing the system host name.
+#
+hostname = base
+
+# Layer: system
+# Module: raid
+#
+# RAID array management tools
+#
+raid = base
+
+# Layer: system
+# Module: libraries
+#
+# Policy for system libraries.
+#
+libraries = base
+
+# Layer: system
+# Module: miscfiles
+#
+# Miscelaneous files.
+#
+miscfiles = base
+
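Review bot: The entries `sudo = off`, `gpg = off`, `sendmail = off`, `telnet = off`, `ssh = off` and `distcc = off` (also `anaconda`, `loadkeys`, `gpm`) carry no reason, so a reader cannot tell a deliberate exclusion from a temporary test workaround. By the file's own header, `off` keeps a module out of policy creation, so these programs get no dedicated policy from this build; together with `unconfined = base` they presumably run unconfined, which matters most for `ssh` and `sudo` and should be confirmed. I would add a one-line comment above each such entry, for example `# off: <reason>`, and review the list before this file is used outside testing. Separately, most modules not marked "Required in base" are set to `base` rather than `module`, which per the header compiles them into the base module instead of individual loadable modules; if that is intended for the test build, the header should say so.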