Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.
This commit is contained in:
Dominick Grift 2010-09-17 08:54:12 +02:00
parent 1b1f7d01a9
commit c5eae5f83c
18 changed files with 183 additions and 194 deletions

View File

@ -5,9 +5,9 @@
## Execute a domain transition to run accountsd.
## </summary>
## <param name="domain">
## <summary>
## <summary>
## Domain allowed access.
## </summary>
## </summary>
## </param>
#
interface(`accountsd_domtrans',`

View File

@ -5,9 +5,9 @@
## Execute a domain transition to run aisexec.
## </summary>
## <param name="domain">
## <summary>
## <summary>
## Domain allowed to transition.
## </summary>
## </summary>
## </param>
#
interface(`aisexec_domtrans',`

View File

@ -1,4 +1,3 @@
## <summary>policy for ajaxterm</summary>
########################################
@ -6,9 +5,9 @@
## Execute a domain transition to run ajaxterm.
## </summary>
## <param name="domain">
## <summary>
## <summary>
## Domain allowed access.
## </summary>
## </summary>
## </param>
#
interface(`ajaxterm_domtrans',`
@ -19,7 +18,6 @@ interface(`ajaxterm_domtrans',`
domtrans_pattern($1, ajaxterm_exec_t, ajaxterm_t)
')
########################################
## <summary>
## Execute ajaxterm server in the ajaxterm domain.
@ -68,5 +66,4 @@ interface(`ajaxterm_admin',`
domain_system_change_exemption($1)
role_transition $2 ajaxterm_initrc_exec_t system_r;
allow $2 system_r;
')

View File

@ -21,182 +21,182 @@ policy_module(apache, 2.2.0)
selinux_genbool(httpd_bool_t)
## <desc>
## <p>
## Allow Apache to modify public files
## used for public file transfer services. Directories/Files must
## be labeled public_content_rw_t.
## </p>
## <p>
## Allow Apache to modify public files
## used for public file transfer services. Directories/Files must
## be labeled public_content_rw_t.
## </p>
## </desc>
gen_tunable(allow_httpd_anon_write, false)
## <desc>
## <p>
## Allow Apache to use mod_auth_pam
## </p>
## <p>
## Allow Apache to use mod_auth_pam
## </p>
## </desc>
gen_tunable(allow_httpd_mod_auth_pam, false)
## <desc>
## <p>
## Allow httpd scripts and modules execmem/execstack
## </p>
## <p>
## Allow httpd scripts and modules execmem/execstack
## </p>
## </desc>
gen_tunable(httpd_execmem, false)
## <desc>
## <p>
## Allow httpd daemon to change system limits
## </p>
## <p>
## Allow httpd daemon to change system limits
## </p>
## </desc>
gen_tunable(httpd_setrlimit, false)
## <desc>
## <p>
## Allow httpd to use built in scripting (usually php)
## </p>
## <p>
## Allow httpd to use built in scripting (usually php)
## </p>
## </desc>
gen_tunable(httpd_builtin_scripting, false)
## <desc>
## <p>
## Allow HTTPD scripts and modules to connect to the network using any TCP port.
## </p>
## <p>
## Allow HTTPD scripts and modules to connect to the network using any TCP port.
## </p>
## </desc>
gen_tunable(httpd_can_network_connect, false)
## <desc>
## <p>
## Allow HTTPD scripts and modules to connect to cobbler over the network.
## </p>
## <p>
## Allow HTTPD scripts and modules to connect to cobbler over the network.
## </p>
## </desc>
gen_tunable(httpd_can_network_connect_cobbler, false)
## <desc>
## <p>
## Allow HTTPD scripts and modules to connect to databases over the network.
## </p>
## <p>
## Allow HTTPD scripts and modules to connect to databases over the network.
## </p>
## </desc>
gen_tunable(httpd_can_network_connect_db, false)
## <desc>
## <p>
## Allow httpd to connect to memcache server
## </p>
## <p>
## Allow httpd to connect to memcache server
## </p>
## </desc>
gen_tunable(httpd_can_network_memcache, false)
## <desc>
## <p>
## Allow httpd to act as a relay
## </p>
## <p>
## Allow httpd to act as a relay
## </p>
## </desc>
gen_tunable(httpd_can_network_relay, false)
## <desc>
## <p>
## Allow http daemon to send mail
## </p>
## <p>
## Allow http daemon to send mail
## </p>
## </desc>
gen_tunable(httpd_can_sendmail, false)
## <desc>
## <p>
## Allow http daemon to check spam
## </p>
## <p>
## Allow http daemon to check spam
## </p>
## </desc>
gen_tunable(httpd_can_check_spam, false)
## <desc>
## <p>
## Allow Apache to communicate with avahi service via dbus
## </p>
## <p>
## Allow Apache to communicate with avahi service via dbus
## </p>
## </desc>
gen_tunable(httpd_dbus_avahi, false)
## <desc>
## <p>
## Allow httpd to execute cgi scripts
## </p>
## <p>
## Allow httpd to execute cgi scripts
## </p>
## </desc>
gen_tunable(httpd_enable_cgi, false)
## <desc>
## <p>
## Allow httpd to act as a FTP server by
## listening on the ftp port.
## </p>
## <p>
## Allow httpd to act as a FTP server by
## listening on the ftp port.
## </p>
## </desc>
gen_tunable(httpd_enable_ftp_server, false)
## <desc>
## <p>
## Allow httpd to read home directories
## </p>
## <p>
## Allow httpd to read home directories
## </p>
## </desc>
gen_tunable(httpd_enable_homedirs, false)
## <desc>
## <p>
## Allow httpd to read user content
## </p>
## <p>
## Allow httpd to read user content
## </p>
## </desc>
gen_tunable(httpd_read_user_content, false)
## <desc>
## <p>
## Allow HTTPD to run SSI executables in the same domain as system CGI scripts.
## </p>
## <p>
## Allow HTTPD to run SSI executables in the same domain as system CGI scripts.
## </p>
## </desc>
gen_tunable(httpd_ssi_exec, false)
## <desc>
## <p>
## Allow Apache to execute tmp content.
## </p>
## <p>
## Allow Apache to execute tmp content.
## </p>
## </desc>
gen_tunable(httpd_tmp_exec, false)
## <desc>
## <p>
## Unify HTTPD to communicate with the terminal.
## Needed for entering the passphrase for certificates at
## the terminal.
## </p>
## <p>
## Unify HTTPD to communicate with the terminal.
## Needed for entering the passphrase for certificates at
## the terminal.
## </p>
## </desc>
gen_tunable(httpd_tty_comm, false)
## <desc>
## <p>
## Unify HTTPD handling of all content files.
## </p>
## <p>
## Unify HTTPD handling of all content files.
## </p>
## </desc>
gen_tunable(httpd_unified, false)
## <desc>
## <p>
## Allow httpd to access cifs file systems
## </p>
## <p>
## Allow httpd to access cifs file systems
## </p>
## </desc>
gen_tunable(httpd_use_cifs, false)
## <desc>
## <p>
## Allow httpd to run gpg in gpg-web domain
## </p>
## <p>
## Allow httpd to run gpg in gpg-web domain
## </p>
## </desc>
gen_tunable(httpd_use_gpg, false)
## <desc>
## <p>
## Allow httpd to access nfs file systems
## </p>
## <p>
## Allow httpd to access nfs file systems
## </p>
## </desc>
gen_tunable(httpd_use_nfs, false)
## <desc>
## <p>
## Allow apache scripts to write to public content. Directories/Files must be labeled public_rw_content_t.
## </p>
## <p>
## Allow apache scripts to write to public content. Directories/Files must be labeled public_rw_content_t.
## </p>
## </desc>
gen_tunable(allow_httpd_sys_script_anon_write, false)
@ -507,15 +507,16 @@ tunable_policy(`allow_httpd_mod_auth_pam',`
')
## <desc>
## <p>
## Allow Apache to use mod_auth_pam
## </p>
## <p>
## Allow Apache to use mod_auth_pam
## </p>
## </desc>
gen_tunable(allow_httpd_mod_auth_ntlm_winbind, false)
optional_policy(`
tunable_policy(`allow_httpd_mod_auth_ntlm_winbind',`
tunable_policy(`allow_httpd_mod_auth_ntlm_winbind',`
samba_domtrans_winbind_helper(httpd_t)
')
')
')
tunable_policy(`httpd_can_network_connect',`
@ -576,11 +577,11 @@ tunable_policy(`httpd_enable_ftp_server',`
')
tunable_policy(`httpd_tmp_exec && httpd_builtin_scripting',`
can_exec(httpd_t, httpd_tmp_t)
can_exec(httpd_t, httpd_tmp_t)
')
tunable_policy(`httpd_tmp_exec && httpd_enable_cgi',`
can_exec(httpd_sys_script_t, httpd_tmp_t)
can_exec(httpd_sys_script_t, httpd_tmp_t)
')
tunable_policy(`httpd_enable_homedirs && use_nfs_home_dirs',`
@ -719,9 +720,9 @@ optional_policy(`
')
optional_policy(`
passenger_domtrans(httpd_t)
passenger_manage_pid_content(httpd_t)
passenger_read_lib_files(httpd_t)
passenger_domtrans(httpd_t)
passenger_manage_pid_content(httpd_t)
passenger_read_lib_files(httpd_t)
')
optional_policy(`
@ -926,6 +927,7 @@ tunable_policy(`httpd_enable_cgi && httpd_unified',`
manage_sock_files_pattern(httpd_sys_script_t, httpdcontent, httpdcontent)
manage_lnk_files_pattern(httpd_sys_script_t, httpdcontent, httpdcontent)
')
tunable_policy(`httpd_enable_cgi',`
domtrans_pattern(httpd_suexec_t, httpd_user_script_t, httpd_user_script_t)
')
@ -998,9 +1000,9 @@ tunable_policy(`httpd_can_sendmail',`
')
optional_policy(`
tunable_policy(`httpd_can_sendmail && httpd_can_check_spam',`
spamassassin_domtrans_client(httpd_t)
')
tunable_policy(`httpd_can_sendmail && httpd_can_check_spam',`
spamassassin_domtrans_client(httpd_t)
')
')
fs_cifs_entry_type(httpd_sys_script_t)
@ -1145,7 +1147,6 @@ tunable_policy(`httpd_read_user_content',`
typealias httpd_sys_script_exec_t alias httpd_fastcgi_script_exec_t;
typealias httpd_sys_content_t alias { httpd_fastcgi_content_t httpd_fastcgi_script_ro_t };
typealias httpd_sys_rw_content_t alias { httpd_fastcgi_rw_content_t httpd_fastcgi_script_rw_t };
typealias httpd_sys_ra_content_t alias httpd_fastcgi_script_ra_t;
typealias httpd_sys_script_t alias httpd_fastcgi_script_t;
typealias httpd_var_run_t alias httpd_fastcgi_var_run_t;
typealias httpd_sys_ra_content_t alias httpd_fastcgi_script_ra_t;
typealias httpd_sys_script_t alias httpd_fastcgi_script_t;
typealias httpd_var_run_t alias httpd_fastcgi_var_run_t;

View File

@ -5,9 +5,9 @@
## Execute a domain transition to run apcupsd.
## </summary>
## <param name="domain">
## <summary>
## <summary>
## Domain allowed to transition.
## </summary>
## </summary>
## </param>
#
interface(`apcupsd_domtrans',`
@ -83,9 +83,9 @@ interface(`apcupsd_read_log',`
## apcupsd log files.
## </summary>
## <param name="domain">
## <summary>
## <summary>
## Domain allowed access.
## </summary>
## </summary>
## </param>
#
interface(`apcupsd_append_log',`
@ -103,9 +103,9 @@ interface(`apcupsd_append_log',`
## Execute a domain transition to run httpd_apcupsd_cgi_script.
## </summary>
## <param name="domain">
## <summary>
## <summary>
## Domain allowed to transition.
## </summary>
## </summary>
## </param>
#
interface(`apcupsd_cgi_script_domtrans',`

View File

@ -6,7 +6,7 @@
## </summary>
## <param name="domain">
## <summary>
## Domain allowed accesss.
## Domain allowed accesss.
## </summary>
## </param>
#

View File

@ -1,4 +1,3 @@
## <summary>policy for boinc</summary>
########################################
@ -6,9 +5,9 @@
## Execute a domain transition to run boinc.
## </summary>
## <param name="domain">
## <summary>
## <summary>
## Domain allowed to transition.
## </summary>
## </summary>
## </param>
#
interface(`boinc_domtrans',`
@ -21,20 +20,20 @@ interface(`boinc_domtrans',`
#######################################
## <summary>
## Execute boinc server in the boinc domain.
## Execute boinc server in the boinc domain.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`boinc_initrc_domtrans',`
gen_require(`
type boinc_initrc_exec_t;
')
gen_require(`
type boinc_initrc_exec_t;
')
init_labeled_script_domtrans($1, boinc_initrc_exec_t)
init_labeled_script_domtrans($1, boinc_initrc_exec_t)
')
########################################
@ -72,7 +71,7 @@ interface(`boinc_read_lib_files',`
')
files_search_var_lib($1)
read_files_pattern($1, boinc_var_lib_t, boinc_var_lib_t)
read_files_pattern($1, boinc_var_lib_t, boinc_var_lib_t)
')
########################################
@ -92,7 +91,7 @@ interface(`boinc_manage_lib_files',`
')
files_search_var_lib($1)
manage_files_pattern($1, boinc_var_lib_t, boinc_var_lib_t)
manage_files_pattern($1, boinc_var_lib_t, boinc_var_lib_t)
')
########################################
@ -110,9 +109,9 @@ interface(`boinc_manage_var_lib',`
type boinc_var_lib_t;
')
manage_dirs_pattern($1, boinc_var_lib_t, boinc_var_lib_t)
manage_files_pattern($1, boinc_var_lib_t, boinc_var_lib_t)
manage_lnk_files_pattern($1, boinc_var_lib_t, boinc_var_lib_t)
manage_dirs_pattern($1, boinc_var_lib_t, boinc_var_lib_t)
manage_files_pattern($1, boinc_var_lib_t, boinc_var_lib_t)
manage_lnk_files_pattern($1, boinc_var_lib_t, boinc_var_lib_t)
')
########################################

View File

@ -14,7 +14,6 @@
#
# Define the policy interface for the CacheFiles userspace management daemon.
#
## <summary>policy for cachefilesd</summary>
########################################
@ -22,9 +21,9 @@
## Execute a domain transition to run cachefilesd.
## </summary>
## <param name="domain">
## <summary>
## <summary>
## Domain allowed to transition.
## </summary>
## </summary>
## </param>
#
interface(`cachefilesd_domtrans',`

View File

@ -5,9 +5,9 @@
## Execute a domain transition to run ccs.
## </summary>
## <param name="domain">
## <summary>
## <summary>
## Domain allowed to transition.
## </summary>
## </summary>
## </param>
#
interface(`ccs_domtrans',`

View File

@ -5,9 +5,9 @@
## Execute a domain transition to run certmaster.
## </summary>
## <param name="domain">
## <summary>
## <summary>
## Domain allowed to transition.
## </summary>
## </summary>
## </param>
#
interface(`certmaster_domtrans',`

View File

@ -5,9 +5,9 @@
## Execute a domain transition to run certmonger.
## </summary>
## <param name="domain">
## <summary>
## <summary>
## Domain allowed to transition.
## </summary>
## </summary>
## </param>
#
interface(`certmonger_domtrans',`

View File

@ -6,9 +6,9 @@
## CG Clear.
## </summary>
## <param name="domain">
## <summary>
## <summary>
## Domain allowed to transition.
## </summary>
## </summary>
## </param>
#
interface(`cgroup_domtrans_cgclear',`
@ -26,9 +26,9 @@ interface(`cgroup_domtrans_cgclear',`
## CG config parser.
## </summary>
## <param name="domain">
## <summary>
## <summary>
## Domain allowed to transition.
## </summary>
## </summary>
## </param>
#
interface(`cgroup_domtrans_cgconfig',`
@ -65,9 +65,9 @@ interface(`cgroup_initrc_domtrans_cgconfig',`
## CG rules engine daemon.
## </summary>
## <param name="domain">
## <summary>
## <summary>
## Domain allowed to transition.
## </summary>
## </summary>
## </param>
#
interface(`cgroup_domtrans_cgred',`

View File

@ -5,9 +5,9 @@
## Execute a domain transition to run clogd.
## </summary>
## <param name="domain">
## <summary>
## <summary>
## Domain allowed to transition.
## </summary>
## </summary>
## </param>
#
interface(`clogd_domtrans',`

View File

@ -1,4 +1,3 @@
## <summary>policy for cmirrord</summary>
########################################
@ -6,9 +5,9 @@
## Execute a domain transition to run cmirrord.
## </summary>
## <param name="domain">
## <summary>
## <summary>
## Domain allowed to transition.
## </summary>
## </summary>
## </param>
#
interface(`cmirrord_domtrans',`
@ -58,26 +57,26 @@ interface(`cmirrord_read_pid_files',`
#######################################
## <summary>
## Read and write to cmirrord shared memory.
## Read and write to cmirrord shared memory.
## </summary>
## <param name="domain">
## <summary>
## <summary>
## Domain allowed access.
## </summary>
## </summary>
## </param>
#
interface(`cmirrord_rw_shm',`
gen_require(`
type cmirrord_t;
gen_require(`
type cmirrord_t;
type cmirrord_tmpfs_t;
')
')
allow $1 cmirrord_t:shm { rw_shm_perms destroy };
allow $1 cmirrord_tmpfs_t:dir list_dir_perms;
rw_files_pattern($1, cmirrord_tmpfs_t, cmirrord_tmpfs_t)
allow $1 cmirrord_t:shm { rw_shm_perms destroy };
allow $1 cmirrord_tmpfs_t:dir list_dir_perms;
rw_files_pattern($1, cmirrord_tmpfs_t, cmirrord_tmpfs_t)
delete_files_pattern($1, cmirrord_tmpfs_t, cmirrord_tmpfs_t)
read_lnk_files_pattern($1, cmirrord_tmpfs_t, cmirrord_tmpfs_t)
fs_search_tmpfs($1)
fs_search_tmpfs($1)
')
########################################
@ -101,7 +100,7 @@ interface(`cmirrord_admin',`
gen_require(`
type cmirrord_t;
type cmirrord_initrc_exec_t;
type cmirrord_var_run_t;
type cmirrord_var_run_t;
')
allow $1 cmirrord_t:process { ptrace signal_perms };
@ -114,5 +113,4 @@ interface(`cmirrord_admin',`
files_search_pids($1)
admin_pattern($1, cmirrord_var_run_t)
')

View File

@ -1,12 +1,12 @@
## <summary>Cobbler installation server.</summary>
## <desc>
## <p>
## Cobbler is a Linux installation server that allows for
## rapid setup of network installation environments. It
## glues together and automates many associated Linux
## tasks so you do not have to hop between lots of various
## commands and applications when rolling out new systems,
## and, in some cases, changing existing ones.
## Cobbler is a Linux installation server that allows for
## rapid setup of network installation environments. It
## glues together and automates many associated Linux
## tasks so you do not have to hop between lots of various
## commands and applications when rolling out new systems,
## and, in some cases, changing existing ones.
## </p>
## </desc>
@ -15,9 +15,9 @@
## Execute a domain transition to run cobblerd.
## </summary>
## <param name="domain">
## <summary>
## <summary>
## Domain allowed to transition.
## </summary>
## </summary>
## </param>
#
interface(`cobblerd_domtrans',`

View File

@ -5,9 +5,9 @@
## Execute a domain transition to run consolekit.
## </summary>
## <param name="domain">
## <summary>
## <summary>
## Domain allowed to transition.
## </summary>
## </summary>
## </param>
#
interface(`consolekit_domtrans',`

View File

@ -20,21 +20,21 @@ interface(`corosync_domtrans',`
######################################
## <summary>
## Execute corosync in the caller domain.
## Execute corosync in the caller domain.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed to transition.
## </summary>
## <summary>
## Domain allowed to transition.
## </summary>
## </param>
#
interface(`corosync_exec',`
gen_require(`
type corosync_exec_t;
')
gen_require(`
type corosync_exec_t;
')
corecmd_search_bin($1)
can_exec($1, corosync_exec_t)
corecmd_search_bin($1)
can_exec($1, corosync_exec_t)
')
#######################################

View File

@ -152,7 +152,6 @@ interface(`cron_role',`
')
dbus_stub(cronjob_t)
allow cronjob_t $2:dbus send_msg;
')
')
@ -188,7 +187,6 @@ interface(`cron_unconfined_role',`
')
dbus_stub(unconfined_cronjob_t)
allow unconfined_cronjob_t $2:dbus send_msg;
')
')
@ -241,7 +239,6 @@ interface(`cron_admin_role',`
')
dbus_stub(admin_cronjob_t)
allow cronjob_t $2:dbus send_msg;
')
')
@ -695,8 +692,7 @@ interface(`cron_read_system_job_lib_files',`
type system_cronjob_var_lib_t;
')
read_files_pattern($1, system_cronjob_var_lib_t, system_cronjob_var_lib_t)
read_files_pattern($1, system_cronjob_var_lib_t, system_cronjob_var_lib_t)
')
########################################
@ -714,6 +710,5 @@ interface(`cron_manage_system_job_lib_files',`
type system_cronjob_var_lib_t;
')
manage_files_pattern($1, system_cronjob_var_lib_t, system_cronjob_var_lib_t)
manage_files_pattern($1, system_cronjob_var_lib_t, system_cronjob_var_lib_t)
')